Health New Zealand Te Whatu Ora is in the process of notifying approximately 12,000 individuals affected by an alleged unauthorized data release instigated by a former staff member. The release involved the personal information of Covid-19 vaccinators, with Health NZ CEO Margie Apa emphasizing swift action to address the breach, including legal recourse and collaboration with authorities and cybersecurity experts. Despite efforts to mitigate risks and enhance data security measures, a small number of vaccinated individuals may still be potentially identifiable due to earlier public disclosures.
Apa underscores Health NZ’s commitment to learning from the incident and improving internal controls to prevent similar breaches in the future. Apologies are extended to those affected, with resources allocated to provide support, information, and advice to individuals receiving notifications. Additionally, Health NZ vehemently refutes misinformation surrounding the breach and highlights the invaluable contributions of vaccinators during the pandemic, emphasizing their role in safeguarding communities and saving lives.
Efforts to address the breach involve cooperation with law enforcement and regulatory bodies, with a focus on complying with orders to prohibit further dissemination of the compromised data. Furthermore, local and international cybersecurity experts are engaged to monitor signs of data disclosure online and provide assistance as needed. The ongoing investigation into the incident underscores the complexity of the situation, prompting Health NZ to prioritize transparency, accountability, and continuous improvement in data protection measures.
