The monumental District Health Board data hack


As many as 913,000 patients may have had their records accessed in a massive data breach of New Zealand District Health Boards. The hack, which is thought to have also affected Public Health Organizations, was concentrated on the Tu Ora Compass’s computer system. As officials try to contain the damage, it raises – yet again – some damaging questions about the cyber security of Government agencies in New Zealand.

I have long thought that New Zealand has been too slack with data security in Government agencies. It is a recurring problem that has at some point or another affected Inland Revenue Department, Accident Compensation Corporation, Department of Work and Income, to name just a few. All of these agencies have been breached in the last decade, with some of the breaches involving thousands of files being misused or misplaced.

But back to what I think might be one of the biggest data hacks in all New Zealand history. Whilst it is good that the Chief Executive has apologized, it is not enough and there are major failings. Glaring questions need to be rapidly answered by the Ministry, the Chief Executive and those responsible for the maintenance of the data. Very quickly the Chief Executive must find out what steps can be immediately taken to tighten up the security of M.o.H. systems and equally quickly the M.o.H. system administrators must action those recommendations.

The breach appears to affect the lower North Island, particularly people in Wellington, Kapiti Coast  and Wairarapa. 648,000 are thought to be affected, but given the data goes back over a decade and includes people who have deceased, the number of affected patients might be close to 1 million people.

Ministry of Health have to own this incident. If they cannot, Chief Executive Martin Hefford should hand his resignation in, for it was his responsibility to make sure M.o.H. had the correct procedures and personnel.

New Zealanders should be short on  patience with Government agencies treating cyber security so poorly as to let this happen. But I have the feeling that after a brief burst of indignation, people will merely shrug their shoulders and life will carry own as if it never happened. The agencies will heave a sigh of relief and say “we got through that one – I am sure we will be fine in the future”, instead of holding those who failed in their roles to account.

It is this kind of resigned behaviour, touched with a bit of “She’ll be right”, implying things will sort themselves out instead of New Zealanders ensuring that the situation before them improves that prevents this nation getting better. We can be a lot better at these issues, but until we start dragging officials over the coals for indiscretions there will not be any progress.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.