Skin cancer patient fears near naked photos on dark web after cyberattack on Pinnacle Health
Wednesday, 12 October 2022
A skin cancer patient caught up in a GP cyberattack fears images of him in a state of undress may have been uploaded to the dark web.
Confidential pictures held at the Hamilton Skin Cancer Centre appear to have been hoovered up alongside patient data when a “malicious actor” infiltrated Pinnacle health’s IT network on September 28.
A patient at the clinic, who wanted to remain anonymous, was disturbed and felt vulnerable knowing that photos of him in a state of undress may be online.
“I was pretty upset,” he said on Wednesday, “they could be anything from every little lesion on your body,” to “images of yourself standing there in your undies.”
**READ MORE:
* Patient information uploaded to internet after Pinnacle Health cyber-attack
* Pinnacle attack a reminder cyber-crime here to stay
* Administrative account likely used in cyber attack on health provider Pinnacle, expert says
* Waikato DHB warned a cyber attack 'catastrophic for patient safety'
**
The centre discovered it had fallen victim to the cyber crime and was in crisis mode to salvage the situation, it said in an email to patients on Tuesday.
Yet a spokesperson declined to be interviewed, stating they were “unable to comment on the incident as it is currently an ongoing police investigation”.
The email went on to say their image storage system was affected “which means the third party may have downloaded images related to you; for example, close-up image of skin lesions which may include your face”.
A subsequent email on Thursday said the clinic did not take or store full body images of patients
Their investigations indicate data has now been uploaded to the dark web.
The centre had begun contacting those affected by the hack attack, acknowledging the distress they may be feeling.
The patient said they had received a general letter from the centre but weren’t yet aware if their private data was hacked.
“I would hate for someone to be purchasing photographs of me in my underpants - why anyone would want that is beyond me.
“It would be nice to think there was a nice thick firewall in place to stop these cyber-thieves.”
The centre said the risk posed to patient security was minimal as “clinical images alone are not useful to a cyber-criminal”.
“At this stage our investigation has not revealed any evidence that personal information such as contact information, bank card or credit card details, email addresses, National Health Index (NHI) numbers, or telephone numbers have been affected, downloaded, or published by the third party.”
They had brought New Zealand’s national identity and cyber support community service, IDCARE on board to address any patient distress as a result of the hack.
“We fully appreciate however that it will be concerning to learn that your images may have been accessed in this manner.
Hundreds of thousands of patients’ confidential data was taken in the Pinnacle Health hack.
The Pinnacle group covers Primary Health Care facilities in Waikato, Thames-Coromandel, Rotorua, Taranaki and Taupō-Tūrangi.
The private information included past and present patients and customers of Pinnacle Health.
The interim investigation into the cyberattack would take some time to complete, the centre said, and they would continue to keep private stakeholders informed.
“We sincerely apologise that this incident has occurred and for any stress or anxiety it may cause our patients.
“If members of the public have further concerns, they have the right to complain to the Privacy Commissioner.”
Pinnacle Midlands Health Network said it had no direct connection to the Hamilton Skin Cancer Centre.
As these cyber incidents are separate, separate data has been impacted, it said.
Amendment: This story has been updated to include a statement from Hamilton Skin Cancer Centre that it does not take or store full body images of patients. Amended 5pm, October 13, 2022.