As you may be aware, an independent IT platform used by the Family Health Centre to store data was involved in a malicious cyber incident on 28 September 2022.

This impacted our IT services, which were immediately taken offline and secured. We apologise to all our patients who have been affected by this.

Investigations are ongoing, however we have been informed that some information stored on the compromised system was accessed by an unauthorised third party. While the incident has not affected our clinical platform, the impacted system did contain some personal, clinical and commercial details.

At this point in time, we cannot confirm what specific data or information may have been accessed but we have engaged independent IT specialists to work through this to better understand the extent of what has occurred.

We have been advised this forensic analysis may take some time but we will provide a further update to those impacted patients once that information is available.

In the meantime, we believe it is important to adopt a transparent communications approach, so we can support those people who have potentially been impacted.

External support partners have been engaged to assist with the response and an in-depth investigation launched working alongside relevant authorities.

A complaint has been lodged with the Police and we are working alongside Te Whatu Ora and a number of other Government agencies, including the Office of the Privacy Commissioner to ensure we meet the obligations of the Privacy Act.

We understand that some of the data accessed by the unauthorised third party has been published on the dark web. The dark web is a hidden part of the internet and is not searchable by the general public using search engines such as Google. Specialised software and skills are required to gain access.

We know that people will rightfully be very concerned about this. Family Health takes our role as health providers and stewards of people’s information seriously, and security is of utmost importance to us.

Unfortunately, malicious cyber activity is a constant threat and New Zealand is not exempt from this.

We advise all our current and former patients and suppliers to remain vigilant about the risk of scams.

Whilst investigations continue, we are mindful that scammers do take advantage of organisations through impersonation in order to elicit further details and access from the affected community.

If you receive a text, phone call or email from an organisation, such as law enforcement, your bank or Government, we advise you to make your own enquiries such as calling a separate, publicly available number first before responding to any demands placed on you (including clicking any links or providing your identity or account information).

For further information about current scams and how to protect yourself, please visit idcare.org

At this stage we do not have specific details on what data was accessed, if you have concerns please email us on familyhealth@familyhealth.co.nz and we will do our best to answer any questions.