Pinnacle Health hack: Sensitive files posted to the dark web include ‘confidential’ report

Sensitive patient files and high-level data stolen in a cyber attack on a major primary health provider have been posted to the dark web by a ransomware group with Russian links, the Herald can reveal.

In a statement last night, Pinnacle Midlands Health Network — which operates dozens of North Island GP practices — confirmed the upload of stolen material to the net, following a “cyber incident” last week.

While the number of affected patients has not been made public, initial reports suggested hackers may have had access to as many as 450,000 people’s information.

Justin Butcher, CEO of Pinnacle Incorporated, told the Herald information illegally obtained was uploaded to the internet by “malicious actors”.

The information and data related to past and present patients and customers of the Pinnacle group in the Waikato, Lakes, Taranaki and Tairawhiti districts. It also includes Primary Health Care Ltd (PHCL) practices from across Taranaki, Rotorua, Taupō-Tūrangi, Thames-Coromandel and Waikato.

The information in the breach includes high-level data related to the use of hospital services, claiming information related to services that Pinnacle provides, and information sent to practices around immunisation and screening status of individual patients.

“Over the past 24 hours, we were notified by our security experts that the data taken from our IT platform had been released by malicious actors,” Butcher confirmed.

“We acknowledge that this will be concerning to our patients and their whānau, and we are taking this seriously, our immediate focus is on supporting people who may have been impacted, and working with the authorities to ensure we are doing everything we need to be.”

While Pinnacle does not hold GP notes and consultation records, Butcher said the company “now have a much clearer understanding of the breadth of…