PHO cyberattack drags in more PHOs, sparks spy agency security review



Vanda The God
Tū Ora Compass was one of several mostly government and NGO sector organisations around the world dealing with defaced websites from a hacker going by the name "Vanda the God".

"It's like bacteria and antibiotics, hackers find new ways of getting in"

A cyberattack that cost a PHO around $250,000, affected dozens of pract


It would be interesting to know more detail about what information is held by each PHO/network and - why it is needed/what it is being used for? I suspect that far more information is being uploaded than is really necessary or desirable.

It would also be interesting to know how many patients are at all aware that their data is being ‘harvested’ in this manner and for what real or imagined purpose it is being accumulated?

As we learned last year, a detailed, fully identifiable record of almost every GP consultation is being uploaded daily to Auckland’s largest PHO with many patients completely unaware of this fact. 

It is well past time that this activity was put under intense scrutiny. Patient data should be handled with extreme care.  I for one see no reason why most of it should ever leave the patient’s general practice.

Is there a privacy commissioner in the house? 

Heather Simpson I hope you are looking closely at all of this expensive, distracting and unnecessary chaos. 

Tom Bowden, Director, Cognoscenti Digital Health





With all the time and expense spent trying to find a system to "integrate" patient information, there seems to have been no effort to ensure patient confidentiality, not just from cyber-attack but from inappropriate access by managers, Health Care Assistants, Religious Pastors and the growing legion of "health professionals" who think they understand every aspect of a patient's health issues. I certainly don't want my GP or specialist recording any "sensitive" health issues I might have for all and sundry to see and misinterpret so I wonder how many other GPs use private codes or abbreviations for illegal drug use, other activities with questionable legal or moral connotations, or even HIV status and sexual orientation?

Then, apart from the facts that most PMS software is still not GP or locum friendly and we have found a real need to have an uninterruptible power supply (UPS) for the all too frequent power cuts in rural areas, what happens to practice functionality when the power cut lasts more than an hour or road workers bulldoze the fibre-optic cable and cut out Internet (and thus Cloud) access for even longer?