In August, DHBs were made aware of an unauthorised intrusion to the digital information systems of Tū Ora Compass Health PHO (Primary Health Organisation).
A careful investigation has not yet been able to determine with any certainty whether the unauthorised access resulted in any information being taken. The security breaches affected up to one million Mid Central and Wellington patients primary care records.
Waikato DHB and PHOs in the Waikato district were not affected in this cyber incident, however it highlights the very real threat systems are under.
The Ministry of Health has requested all DHBs and PHOs provide them with formal assurance that all solutions containing patient or staff data, accessible through the internet or via Connected Health, are secure and that the organisation has appropriate privacy and security controls in place.
We are confident that we are taking reasonable and prudent steps, to ensure the protection of both patient and staff data and where risks are identified making informed decisions regarding the management of these.
Waikato DHB continually review and strengthen the protocols and security measures to ensure systems and patient information are safe with a range of stringent measures, including external independent audit, overseen by a Privacy Officer and Information Security and Privacy Governance Group.
It is our expectation that this security and privacy breach, on the back of other recent government sector breaches (Ministry of Culture and Heritage, NZTA, AirNZ, etc.), is likely to result in increased oversight and monitoring by the Ministry of Health and Department of Internal Affairs of our privacy and security controls and governance framework.