SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Pinnacle cyber attack: Beware of suspicious emails, messages and bank activity - Deputy Privacy Commissioner
Mon, 17th Oct 2022
FYI, this story is more than a year old

The Privacy Commission is advising victims of the Pinnacle hack to be wary of any suspicious cellphone communication or bank activity.

The names, addresses and other personal information of up to 450,000 people have been posted online in cyber attack on Pinnacle Midlands Health Network about a fortnight ago.

Deputy Privacy Commissioner Liz MacPherson told Morning Report its office was working closely with Pinnacle to ensure victims of the hack were being informed of the breach.

She said any concerned individual should call 0800 121 068, a number that is being monitored by a specialist company that looks after victims of cyber attacks.

MacPherson said those in the area who believe they might be affected should watch for any unusual messages on their mobiles, and talk to their banks about any activity.

Jordan Heerspring manager of Incident Response at CERT NZ, which monitors such cyber attacks, concurred with MacPherson and said people should enable two-factor authentication on their accounts, adding an extra layer of security on top of their passwords.

He said people should changes their passwords as it may be related to some personal information, especially if they use those passwords across multiple accounts.

He said people should also be aware of the types of attacks, a person with stolen personal may carry out.

MacPherson said an investigation would be carried out into the attack depending on the quality of an independent review and subsequent recommendations.

Yesterday Pinnacle's chief executive Justin Butcher reported that the stolen information had been posted on the dark web.

More information had also come to light about the type of information taken - it involved data about past and present patients, including hospital services used, and immunisation and screening statuses.

It was not yet known who the attackers were, why Pinnacle was targeted or whether the information had been used, or what the attackers could be planning to use it for, Butcher said.