Cambridge Edition

Cyber attack expert urges caution


A data expert says it’s likely a valid administra­tive account was used in the cyber attack of a major primary health provider’s system.

The cyber attack took place on Wednesday, September 28 and has compromise­d patient details kept by Waikato and Bay of Plenty health provider Pinnacle, which operates dozens of GP practices.

The affected IT was immediatel­y taken offline and contained, but the Pinnacle group regional offices, and Primary Health Care Ltd practices across Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato were impacted.

Datacom cybersecur­ity director Matthew Evetts said though informatio­n about the nature of the attack had not been released, it was likely a valid administra­tive account was used to access the system.

This was because some users reported their devices resetting, raising the first alarm of an attack.

He said these details could have been stolen or bought, but because they were real accounts they were more difficult to pick up.

Chief executive Justin Butcher said on Tuesday that investigat­ions were still underway, but it appeared the ‘‘malicious actors’’ had accessed informatio­n from the system, which could include commercial and personal details.

Butcher would not say if any demands had been made from the ‘‘malicious actors’’ and did not know what they would do with the accessed informatio­n.

Pinnacle does not hold informatio­n such as GP notes, but does hold personal informatio­n such as names, addresses, and National Health Index (NHI) numbers.

‘‘At this point in time, we cannot confirm what specific data or informatio­n may have been accessed, but we are working through a process to better understand that,’’ he said.

‘‘This will take time, however, we believe it is important to disclose this incident now, so we can support those people who have potentiall­y been impacted.’’

On Wednesday, a spokespers­on said the investigat­ion was still in early stages and there was no further informatio­n.

In a statement Pinnacle said it ‘‘engaged external support partners and launched an in-depth investigat­ion alongside relevant authoritie­s.

‘‘We have also laid a complaint with the police and are working alongside Te Whatu Ora and a number of other Government agencies.’’

Evetts said stolen personal data was usually stolen to be sold and used for fraud or for gaining more informatio­n. The personal informatio­n could be leveraged to uncover more informatio­n about the person before it was used to extort money out of a person or organisati­on.

He said patients involved with Pinnacle’s GP centres should, now more than ever, be careful about their online activity.

People should also make sure the person or organisati­on they were dealing with online was who they said they were.

He said using a password vault was a good way to keep on top of having a unique password that was regularly changed.

Evetts said Pinnacle had done the right thing by enlisting experts to forensical­ly investigat­e the breach and uncover what was and wasn’t taken.

‘‘They are not saying anything about how it was taken. That is wise because you don’t want to open yourself to more attacks.’’

He said when the extent of the breach was known Pinnacle would need to work with staff and patients to mitigate the fallout of what could be done with the stolen informatio­n.

Malware breaches, when someone downloaded something they shouldn’t, were on the decline, he said. But many people and organisati­ons were still falling victim to social engineerin­g cyber attacks – by phishing, phone calls, and texts.

He said people were becoming more aware and careful about their online activity, but attackers were constantly advancing.

Evetts said it was important an organisati­on’s people, processes and technology were as secure as possible.

It wasn’t just about the online systems, it was also about making sure staff understood why and how to keep safe and that processes were in place to keep informatio­n secure.

 ?? ?? Datacom cybersecur­ity director Matthew Evetts said it was likely a valid account was used to access the Pinnacle system.
Datacom cybersecur­ity director Matthew Evetts said it was likely a valid account was used to access the Pinnacle system.

Newspapers in English

Newspapers from New Zealand