Photo: skynesher/Getty Images
A private specialist healthcare provider in New Zealand has shut down its IT systems and deferred procedures following a hacking incident.
On 26 March, Auckland-based IntraCare reported it detected a breach in its network on 20 March and immediately took its IT systems offline to contain the incident.
The private centre, which specialises in image-guided procedures across interventional cardiology, electrophysiology, and interventional radiology, postponed at least 28 patient procedures for a week from 23 March, according to a news report, while it investigated the incident and worked to restore operations.
IntraCare, which sees more than 2,000 patients each year, said affected patients and specialists were contacted to arrange rescheduling or relocation of procedures, adding that patients may experience delays in appointments, slower administrative processes, and the temporary use of manual systems while its IT system is offline.
The provider has engaged cybersecurity firm CyberCX to conduct a forensic investigation. It has also been working with Te Whatu Ora Health New Zealand, the National Cyber Security Centre, and the New Zealand Police, and keeping the Office of the Privacy Commissioner informed.
In an update on 27 March, IntraCare said it was making progress in its recovery and expected to resume medical procedures from 30 March, with patients to be contacted directly with further details.
As of publication, the investigation remains ongoing. IntraCare said it has yet to confirm whether any patient or staff information has been accessed.
"Due to the nature of the breach and the internal security controls in place to protect the data, this is a technically challenging process and [an] investigation into whether any data has been accessed continues," it said.
"If it is identified that patient or staff information has been accessed, we will contact those individuals directly."
It has also been monitoring for any unauthorised use or distribution of potentially affected data.
Additionally, the provider said it "continues to invest heavily" in cybersecurity measures and is working with third-party experts and government agencies to share learnings from the incident and improve system-wide resilience.
THE LARGER TREND
The latest incident follows two earlier cyber breaches in New Zealand's healthcare sector in recent months, involving the Manage My Health patient portal, which reportedly affected up to 126,000 users, and the MediMap medication management platform.
A series of IT outages attributed to IT equipment failure has also been reported across the country's public health system since the start of the year.
Following the MediMap incident, Te Whatu Ora said it would remind healthcare providers of their responsibility to meet minimum cybersecurity and privacy requirements and to safeguard patient information.
