Privacy & Security

The attack affects operations across several states, with loss of access to medical records, and the scale of the data breach is still under investigation.

Pinnacle Midlands Health Network has confirmed a data leak following its report of an IT breach on 28 September. In an update on 9 October, the network said malicious actors have uploaded to the internet information and data "related to past and present patients and customers" of the Pinnacle group in Waikato, Lakes, Taranaki and Tairāwhiti districts, including GP practices under Primary Health Care. Pinnacle CEO Justin Butcher said that "much of the information and data that was stolen last week has been made public." "While Pinnacle does not hold GP notes and consultation records, we now have a much clearer understanding of the breadth of stolen data. This includes high-level data related to the use of hospital services, claiming information related to services that Pinnacle provides, and information sent to practices around immunisation and screening status of individual patients," he explained. "This is extremely unfortunate, and we are gutted as this impacts our whānau also. Cyber incidents like this are a constant threat, and while they are the doing of malicious actors, we feel for everyone who may have been affected," the network's official added. Pinnacle said they are in contact with the police and the Office of the Privacy Commissioner. THE LARGER CONTEXT Two weeks ago, Pinnacle immediately took its IT system offline upon identifying a breach. In a statement, Te Whatu Ora, which is assisting in the investigations, maintained that the cyberattack is "no indication of a threat to Te Whatu Ora networks" as its system is separate from Pinnacle.  Meanwhile, the network, which serves about 450,000 patients in 87 practices, has tapped IDCare for people specialist support to individuals who are believed to be at high risk due to the exposure of their information.

Tony Corkett, CEO of Cloud21, discusses how the company supported IT infrastructure and process improvements for the UK's National Health Service, and discusses what's next for cybersecurity and digital health.

Competitors Humana, MultiPlan, Optum, Quest Diagnostics and UnitedHealthcare formed the alliance to unlock the potential of distributed ledger technology. Michael Kim, CIO at MultiPlan, discusses their work.

The Pinnacle Midlands Health Network flagged an IT breach on 28 September.  

Top leaders from the VA's digital transformation team discussed the PACT Act, zero trust security, low-code agility, the VA's new mobile app, technology application sourcing and more.

Two earlier incidents were found to be caused by bugs found in data centres.

The new software, developed in-house at San Diego-based Rady Children's Hospital, allows physicians to view and interact with 3D patient models, saving time and improving patient care.

The Healthcare Cybersecurity Act of 2022 introduces a CISA-directed collaboration with HHS to tighten healthcare cybersecurity with industry analysis and workforce training.

How cybersecurity leaders utilize context and the threat landscape to accelerate incident management.