eHealthNews.nz: Infrastructure

Data stolen in Pinnacle attack posted online

Tuesday, 18 October 2022  

NEWS - eHealthNews.nz editor Rebecca McBeth

Information stolen from Pinnacle Midlands Health Network's IT platform, including individual screening and immunisation data, has been uploaded to the dark web by cyber criminals.

The information and data relate to past and present patients and customers of the Pinnacle group in the Waikato, Lakes, Taranaki and Tairāwhiti districts. It also includes Primary Health Care Ltd practices from across Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato.

Pinnacle Health suffered a cyber-attack on Wednesday 28 September. A statement from the Network says malicious actors accessed a third-party IT server, and the affected IT was immediately taken offline and contained.

Justin Butcher, chief executive of Pinnacle Incorporated, says much of the information and data that was stolen has since been made public.


“We acknowledge that this will be concerning to our patients and their whānau, and we are taking this seriously,” he says.

“While Pinnacle does not hold GP notes and consultation records, we now have a much clearer understanding of the breadth of stolen data. This includes high level data related to the use of hospital services, claiming information related to services that Pinnacle provides, and information sent to practices around immunisation and screening status of individual patients.

“Cyber incidents like this are a constant threat, and while they are the doing of malicious actors, we feel for everyone who may have been affected,” says Butcher.

Head of cyber at Theta, Pete Bailey, says only those people within Pinnacle Health and responding to the incident have knowledge of what is happening there, but the attack appears to follow a pattern seen for the past few years, where attackers are generally trying to extort a ransom from a victim.

"The approach is to gain access to the system, download information (normally sensitive information such as patient data or financial information), and then ask for payment so that the information won’t be published," he says.

"When the organisation doesn’t pay the ransom, then a sample of the information is often published on the dark web to prove that they have it, and try and get the victim to pay."

Bailey says the issue with these attacks is that even if the ransom is paid, and the attacker says that they have deleted the data, they often do not, as it is too valuable to them.

"They often extort a ransom from a victim, and then a few months later go ahead and sell the data on the dark web as well. This way they get a much better financial return for the time they have put into the attack," he says.

Pinnacle has notified the police and the Office of the Privacy Commissioner about the attack.
