Pinnacle Health hack: Cybersecurity expert offers tips on minimizing risks

Pinnacle Health hack: Cybersecurity expert offers tips on minimizing risks

Pinnacle says it doesn’t keep information like GP notes, but it does keep personal information like names, addresses, and National Health Index numbers. (file image)
picture: 123RF

One expert says people worried about the security of their health data could ask a credit agency to put an alert system in place.

Expert advice after yesterday’s disclosure that Pinnacle Midlands Health investigates major cyber attack Hackers could potentially access patient data of up to 450,000 people across the North Island.

The network was hacked on September 28, affecting regional offices and GP practices across Taranaki, Rotorua, Topo-Turingi, Thames Coromandel and Waikato.

The company said that although the hacked system did not contain medical notes for patients, it did contain personal information.

The potential for identity theft has been a concern for all affected people, however, Pinnacle has been open about it and has been directing people toward the IDCARE support service and the tools available to try to protect them, said Alistair Millar, a cybersecurity expert from Aura Information Security. identification.

Pinnacle Midlands Health has not commented on whether it is negotiating with hackers.

But Millar said it was possible that hackers could seek a large sum of money in return or sell data on the dark web, as happened in a separate hack of the Waikato District Health Board last year.

With people’s NHI number and contact information, he said, hackers can get credit cards, get loans, or buy gift cards.

“It’s surprisingly common, and it’s clear that credit card companies and other companies [businesses] I will work hard to help you but it is not a pleasant experience and it takes some time to solve.”

Anxious patients can go to Pinnacle website For advice on available help, check their credit history with agencies like Centrix, and get a credit freeze of about three weeks if they think they are at risk or affected.

The best thing for people concerned about the security of their health data, Millar said, is to contact a credit agency and see if they can get an alert in place.

“So if a credit or credit check is drawn against you, you’ll get an alert and you can then go to ‘I didn’t do it’ or ‘I did it’ so you know, and that will apply to banking, insurance and any other kind of thing where you provide your information.”

He said strong protections for IT systems were available, but the health system was particularly vulnerable due to some legacy systems still in place.

“Patient’s notes are untouched’

Pinnacle Midlands Health said it has a “fair indication” of How did the main hack happen? But he could not provide any other details.

CEO Justin Butcher said cyber security experts have advised against making this information public.

He said the number of people affected was still being analyzed.

Tell morning report He was waiting for the latest information before he mentioned how many people were able to reach the number 0800121068 which was helping the concerned people who may have been affected.

Butcher said the medical records were stored in a separate domain that was not affected.

“So we are confident based on the information we have at the moment that the patient’s observations have not been compromised,” he said.

The attack comes less than a year after the government announced $75 million in funding to boost cybersecurity in the health system.

Pinnacle has not received any further funding but has continued to speak to Whatu Ora Health New Zealand.

It has conducted internal and external audits of Pinnacle’s systems over the past 12 months and has also worked on recommendations distributed through the health sector.

“But obviously we always want to make sure we’re on top, so we’ll look at that as part of our review.”

In May 2021, The hack paralyzed services across five hospitals, including Waikato Those responsible for the ransomware attack dumped large chunks of patient and employee details at DHB on the dark web.

#Pinnacle #Health #hack #Cybersecurity #expert #offers #tips #minimizing #risks

Leave a Comment

Your email address will not be published. Required fields are marked *