Home Cyber Attack Tu Ora Data Breach Exposed Medical And Personal Data Of 1 Million People

Tu Ora Data Breach Exposed Medical And Personal Data Of 1 Million People

by Abeerah Hashim
Tu Ora data breach

Extending the trail of breaches happening recently, now joins New Zealand based primary health organization (PHO). As disclosed by the organization Tu Ora itself, it has suffered a data breach that affected 1 million people.

Tu Ora Disclosed Data Breach

Recently, the New Zealand-based health organization, Tū Ora Compass Health, revealed a data breach. Tū Ora is a (PHO) that aims to improve the general health care of the people.

According to their advisory, the organization suffered a cyber attack on its website in August 2019. While investigating the recent incident, they came to know about various such attack happened earlier.

On 5 August, our website was attacked as part of a global cyber incident. As soon as we became aware, our server was taken offline, we strengthened our I.T. security and started an in-depth investigation. The investigation has found previous cyberattacks dating from 2016 to early March 2019.

While they aren’t sure if those attacks actually impacted people’s data, they still disclosed the incidents.

We cannot say for certain whether or not the cyber-attacks resulted in any patient information being accessed.  Experts say it is likely we will never know.  However, we have to assume the worst and that is why we are informing people.

Since Tū Ora holds a database of people dating back to 2002, they revealed that the incidents may have affected the people enrolled with a medical center since 2002. While, the areas primarily affected by the attacks include Wairarapa, Wellington, and Manawatu regions. In all, the count of affectees may rise up to 1 million.

The current population of these areas are around 648,000 people, but including those now deceased or who have moved away from the area, the data covers nearly 1 million people.

The breached data may include names, birth dates, address, ethnicity, National Health Index number, and the medical center they enrolled with. Furthermore, it may also include some other medical and health information. However, the organization assured that the individuals’ GP notes remained safe.

Investigations Continue

Upon noticing multiple cyber attacks happened in the past, Tū Ora launched investigations regarding them. They also reported the matter to relevant authorities, including the National Cyber Security Centre, Ministry of Health, and the Police.

The organization also assured that the incidents did not impact any financial data of the individuals.

Nonetheless, they still ask people to remain wary of any scams, reset their passwords, and keep their devices update with the latest software.

Let us know your thoughts in the comments.

You may also like

Do NOT follow this link or you will be banned from the site!

Privacy Preference Center


The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]


DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.



The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid