New Zealand Department of Health data breach
Nalin Wijetilleke MBA, Hon FBCI, CISA, CGEIT, MInstD
Director/Principal Consultant | Business Continuity & Resilience Expert
As we all know, most of our data and information today is in digital form. Advances in technology have made data creation, transmission and storage very convenient and cost-effective. Technology has enabled the corporate world to leverage the benefits of digitisation to serve the public or customers efficiently and economically. It has vastly improved the way people work.
However, the downside is that unless the data or information is protected, it paves the way for crooks or thieves to gain access to valuable data for financial gain. This is commonly called a ‘data breach’.
These unauthorised attackers access secure databases and repositories. They gain access through different means such as impersonation or social engineering, eavesdropping, phishing, cookie theft, using keyloggers etc. Hackers are getting smarter by the day. Unless organisations continue to educate everybody in the organisation (not only IT staff), they are making themselves a very easy target for hackers! For example, if hackers break into a corporate network with the administrator's login credentials, they can have access to all the databases.
The Department of Health data breach which happened last week is a good case study. Certainly, undetected security vulnerabilities had been there for the hackers to easily get into New Zealand’s Ministry of Health database, exposing the personal data of over one million patients. This is a very serious matter and there are lessons to be learned.
It is well known that the biggest vulnerability comes from people themselves. Organisations must allocate sufficient budgets to continuously train all staff, establish robust controls and have a systematic testing regimen. Privacy of personal data must be well protected and should strictly conform to regulatory requirements.
Sales/ Business Continuity/ Strategy/ Change Management/ Finance/ Department Communication
5 years ago: Let us know if we can help, Nalin!?
Author, Speaker, Consultant | Resilience & Continuity | IT & ITSM Services | Risk Management | Pandemic Planning | Leading companies towards Business Resilience |
5 years ago: Pity they didn't have DataResilience; this could have easily been prevented. #dataresilience