Up to 1 million New Zealand patients' data breached in criminal cyber hack

Forums › IT Pro and developers › Up to 1 million New Zealand patients' data breached in criminal cyber hack

1 | 2 | 3

186 posts

Master Geek

#2331791 7-Oct-2019 11:33

Heres a link from the privacy commisson on health data

https://www.privacy.org.nz/the-privacy-act-and-codes/codes-of-practice/health-information-privacy-code-1994/

dt

1152 posts

Uber Geek
Inactive user

#2331797 7-Oct-2019 11:49

wellygary:

dt:

Has anyone found a way to check if your personal data was stolen in the breach?

They can't tell you.....

Can I find out what information Tū Ora holds on me? Not yet. We do not store your information as one health record. Information is collected for specific claiming and reporting purposes and we don’t have a process to amalgamate the data yet. We are working on this.

Cheers and sorry I hadn't completely read it all yet before I posted that.

floydbloke

3523 posts

Uber Geek

ID Verified

#2332354 8-Oct-2019 08:34

One of the things that really irks me about this is that when a parent wants to help their kids from age 13 (or thereabouts I think) with a medical issue, make appointments, get some information on the diagnosis etc. the providers make it near impossible to do so citing privacy reasons. Effectively triple-locking the front door, yet they ignorantly leave the backdoor wide open to an attack like this. Very poor.

Did Eric Clapton really think she looked wonderful...or was it after the 15th outfit she tried on and he just wanted to get to the party and get a drink?

afe66

3181 posts

Uber Geek

Lifetime subscriber

#2332479 8-Oct-2019 11:56

A parent can see the medical records of 13 year old within reason, exception of gynaecology/fertility issues with young women to address the issue of abortion.

You can consent for medical issues as an adult from the age of 15-16.

The issue with medical privacy is not to protect young people from reasonable conversation with reasonable parents but to address unreasonable parents.

At risk young people may not seek help from doctors for issues if they fear their parents will be told in which case they may not seek help at all.

If your kids dont talk to you about their health it's not a problem with medical privacy as much as a problem you have in the relationship with your children.

The thing to remember is that people posting here are most likely be parents with good relationships with their kids and can have honest conversations. Less likely to be alcoholic abusive violent parents with socially and mentally isolated children.

floydbloke

3523 posts

Uber Geek

ID Verified

#2332624 8-Oct-2019 14:18

Fair point @afe66, thank you.

Maybe this warrants a post in the 'something that annoys me threat' instead. Something along the lines of 'the way ordinary, responsible, respectable people have to suffer the inconvenience of laws that have had to be put in place (and rightly so) because a small minority of the population don't understand what it means to be, or choose not to behave like, an ordinary, responsible, respectable person.'

Did Eric Clapton really think she looked wonderful...or was it after the 15th outfit she tried on and he just wanted to get to the party and get a drink?

elpenguino

3427 posts

Uber Geek

#2332881 8-Oct-2019 17:32

This leak is terrible. How shoddy must the outfit involved be?

It certainly reflects poorly on the standards of NZ IT professionals.

It seems to me that there needs to be more legal 'encouragement' put in place so that those entrusted with sensitive personal data take better care of it or suffer the consequences.

Most of the posters in this thread are just like chimpanzees on MDMA, full of feelings of bonhomie, joy, and optimism. Fred99 8/4/21

floydbloke

3523 posts

Uber Geek

ID Verified

#2332969 8-Oct-2019 19:28

elpenguino:

This leak is terrible. How shoddy must the outfit involved be?

It certainly reflects poorly on the standards of NZ ~~IT professionals~~ senior execs who don't understand the potential implication of inadequate, or won't invest in, IT security.

...

Fixed

Did Eric Clapton really think she looked wonderful...or was it after the 15th outfit she tried on and he just wanted to get to the party and get a drink?

Sharesies

Trade NZ and US shares and funds with Sharesies (affiliate link).

elpenguino

3427 posts

Uber Geek

#2333239 9-Oct-2019 10:21

floydbloke:

elpenguino:

This leak is terrible. How shoddy must the outfit involved be?

It certainly reflects poorly on the standards of NZ IT professionals senior execs who don't understand the potential implication of inadequate, or won't invest in, IT security.

...

Fixed

Let's assume you're an IT professional - there's no need to be defensive about your personal skills and qualities. This is a matter of organisation. Let me frame the situation using another field of employment.

Manager: This guy needs a kidney operation.

Surgeon: The operating room will cost $11k and the operation will take 7.5 hours

Manager: I've got KPIs to meet , you can have a room worth $9k and have 5 hours.

Do you expect the surgeon to just say 'OK' or make more of a fuss about the available resources?

Change the scenario to an engineer building a bridge that you use. What would you want the engineer to say?

These are both tasks with bare minimum expectations of the patient staying alive and the bridge not collapsing.

Why is maintaining data integrity not given the same ranking?

I can tell you what's going to happen if the IT profession doesn't sort itself out. Like surgeons and engineers in my example, there'll be professional certification required before anyone can sign off a data-sensitive project.

Most of the posters in this thread are just like chimpanzees on MDMA, full of feelings of bonhomie, joy, and optimism. Fred99 8/4/21

gehenna

8520 posts

Uber Geek

Moderator

Trusted

Lifetime subscriber

#2333243 9-Oct-2019 10:30

What @floydbloke said is also true. It can be both. At the end of the day, it's a matter of governance and investment not purely technology and skillsets.

Beccara

1469 posts

Uber Geek

ID Verified

#2333280 9-Oct-2019 11:22

Surgeon's and Enigneer's still get blacklisted for the push back your talking about. Bridges still collapse because tenders went to the lowest bidder and the engineer was forced to reduce safety margins to the bare minimum. Surgeon's routinely kill patients from pressures to pump through waiting lists

In this case we have the Health Information Privacy Code and the Health Information Security Framework and to the side we have the NZ Information Security Manual, The problem is nobody is really enforcing/auditing them and nobody in the sector is particularly afraid of them and doctors routinely complain about security measures impacting their speed and higher ups see security as impacting "patient care quality outcomes". It takes someone from up at the very top to make security a point worth considering. I'm hoping that the Privacy Commissioner comes down hard and sets an example here otherwise nothing will change, If potentially leaking 1million patients data doesn't generate fines/charges then nobody in the sector will care about strong passwords or locking computer screens

Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

tripper1000

1618 posts

Uber Geek

#2333302 9-Oct-2019 12:21

Having experience working in a Govt Dept the scenario is more like:

Q: "We need to upgrade our IT and this is an affordable solution that will do the the job."

A: "That solution isn't on our 8 year old list of preferred vendor and/or approved software and/or approved hardware. You're going change the solution to work in Windows XP and on a Pentium 4".

or:

A: "The IT department is going through it's 4th restructure in 5 years and we're thinking about outsourcing anyway so nobody knows if they have a job next Monday and the guy that does that has resigned, so we're not taking on any new work until next year".

elpenguino

3427 posts

Uber Geek

#2333306 9-Oct-2019 12:33

Beccara:

Surgeon's and Enigneer's still get blacklisted for the push back your talking about. Bridges still collapse because tenders went to the lowest bidder and the engineer was forced to reduce safety margins to the bare minimum.

I wager the number of bridge collapses in NZ is grossly outnumbered by the number of data 'leaks'. By a large ratio.

Most of the posters in this thread are just like chimpanzees on MDMA, full of feelings of bonhomie, joy, and optimism. Fred99 8/4/21

Beccara

1469 posts

Uber Geek

ID Verified

#2333312 9-Oct-2019 12:46

My point still stands, People in all professions risk their livelihood when going up against management, In IT more so because there will always be some consultant willing to say what management wants to do it A-OK and you're just a troublemaker/stuck in the stone-age/not an active participate in bringing increased value to the stakeholders.

At-least engineers can point to a piece of metal and say that will break at X point and prove it with a lab, IT has no such tangible testing for most things security and even if they did things move so much that what you say is right today is wrong tomorrow. Expecting IT people to jump up and risk getting blackballed for demanding a SIEM solution that may or may not still be as useful 6-12-24months down the line or pushing 2fa when some consultant is saying it'll cost $X in lost productivity is looking at the wrong end of the problem

networkn

Networkn
32358 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#2333314 9-Oct-2019 12:51

elpenguino:

Beccara:

Surgeon's and Enigneer's still get blacklisted for the push back your talking about. Bridges still collapse because tenders went to the lowest bidder and the engineer was forced to reduce safety margins to the bare minimum.

I wager the number of bridge collapses in NZ is grossly outnumbered by the number of data 'leaks'. By a large ratio.

How many bridges are there? How much data ? How much has traffic and bridge technology changed in the past 15 years? You don't have anywhere enough information about the cause and lead up to this leak to be making such generalized comments.

elpenguino

3427 posts

Uber Geek

#2333318 9-Oct-2019 12:57

networkn:

elpenguino:

Beccara:

Surgeon's and Enigneer's still get blacklisted for the push back your talking about. Bridges still collapse because tenders went to the lowest bidder and the engineer was forced to reduce safety margins to the bare minimum.

I wager the number of bridge collapses in NZ is grossly outnumbered by the number of data 'leaks'. By a large ratio.

How many bridges are there? How much data ? How much has traffic and bridge technology changed in the past 15 years? You don't have anywhere enough information about the cause and lead up to this leak to be making such generalized comments.

Of course I do !

How many NZ data leaks have I become aware about in the last week?

How many NZ bridge collapses have I become aware about in the last week?

When I'm a data sharer or a bridge user I don't care how it is achieved. I.just.want.it.to.work.properly.

Most of the posters in this thread are just like chimpanzees on MDMA, full of feelings of bonhomie, joy, and optimism. Fred99 8/4/21

1 | 2 | 3