
IntraCare has not said how many patients were affected.

Private healthcare provider IntraCare can now confirm patient data was accessed during a cyber breach in March, and says it’s identified a group which may be responsible.

The company, which specialises in “image-guided precision medical diagnostics and interventions”, became aware of the breach on Friday, 20 March, and immediately shut down its IT systems.

In an update on its website, the company said it has now made direct contact via email with affected patients. It did not answer questions from RNZ on how many patients were affected.

“The investigation to identify who is responsible is an ongoing process and although a group that we suspect may be in possession of personal information has been identified, under the Privacy Act no details that could identify that group can be provided.”

Cyber experts and the police were monitoring for unauthorised use or distribution of the data. “At this time, we do not have evidence of unauthorised use.”

It has taken out a High Court injunction to help protect any data that may have been accessed, and says the Office of the Privacy Commissioner, government agencies and the police have been kept informed.

A total of 28 procedures were either deferred or relocated in the week following the incident. Full services resumed on 30 March.

“We recommend caution – not only due to this incident but also as cyber incidents are on the rise.”

ManageMyHealth and MediMap have both been breached in recent months, and at least one GP, in Wellington, has ceased uploading consult records to the portal MyIndici, although there is no indication that particular platform has been affected.
