🔒breach.co.nz · the NZ & Australia breach register 🛡️ A Govern service
Register › 🇳🇿 NZ › Healthcare

Tū Ora Compass Health

🇳🇿 Wellington region · Tū Ora Compass Health · Record NZ-2019-0033
○ Reported — awaiting official confirmation
Reported — awaiting official confirmation. The facts below are drawn from the organisation's own disclosure and credible reporting. Figures are as reported; unknowns are labelled, not estimated by us.
People affected
1,000,000 (approx)
Breach date
2019-08
Regulator
NZ Privacy Commissioner
Trust tier
B · Reported

Data exposed

Enrolled patient information (names, dates of birth, contact and health-related data) Media-reported

Confidence: Confirmed = regulator/court · Company-confirmed = the organisation's own disclosure · Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In 2019 Tū Ora Compass Health, a Wellington-region primary health organisation, disclosed that its systems had been breached — with investigation revealing multiple intrusions over prior years — potentially exposing the information of up to around 1 million enrolled patients [cshub-tuora]. A Ministry of Health review and Privacy Commissioner engagement followed.

Timeline

  • 2019-08 — Breach detected during a related cyber attack [cshub-tuora].
  • 2019-09 — Public disclosure; up to ~1M people potentially affected [cshub-tuora].

Current status

Resolved following review. The “up to 1 million” figure reflects potential exposure as reported; it was not established that all records were accessed. [cshub-tuora]

Why it matters

At the time, the largest health-data exposure in New Zealand — and an early driver of the debate over strengthening NZ’s Privacy Act.