πŸ”’breach.co.nz Β· the NZ & Australia breach register πŸ›‘οΈ A Govern service
Register β€Ί πŸ‡³πŸ‡Ώ NZ β€Ί Healthcare

Health New Zealand (Te Whatu Ora)

πŸ‡³πŸ‡Ώ New Zealand Β· Health New Zealand β€” Te Whatu Ora Β· Record NZ-2024-0022
● Confirmed
People affected
12,000 (approx)
Breach date
2024-02
Regulator
NZ Privacy Commissioner
Trust tier
A Β· Confirmed

Data exposed

Personal information relating to COVID-19 vaccination records Confirmed

Confidence: Confirmed = regulator/court Β· Company-confirmed = the organisation's own disclosure Β· Media-reported = press. Figures without an official source are labelled, not estimated.

What happened

In February 2024 Health New Zealand disclosed that an individual had taken data from its systems and attempted to spread misinformation, with the personal information of around 12,000 people β€” relating to COVID-19 vaccination records β€” involved [twora-hnz] [onenews-hnz]. Health NZ notified affected people and referred the matter to authorities.

Timeline

  • 2024-02 β€” Health NZ disclosed the unauthorised data breach; ~12,000 people affected [twora-hnz].

Current status

Resolved, with notification and referral to authorities. Figures are as reported. [twora-hnz]

Why it matters

An insider case β€” the risk isn’t only external attackers; trusted access to sensitive health data can be misused from within.