Simon Plumb reports:
A Ministry of Health email blunder has spilled private medical information of 24,000 Kiwis.
Officials are investigating how a spreadsheet of National Health Index (NHI) numbers, containing the birth and death dates of 24,092 people, was emailed to around 950 pharmacists yesterday morning. The email was supposed to be sent internally.
Security on NHI numbers is extremely high, with access restricted to health professionals and agencies governed by the Health Information Privacy Code.
Read more on NZ Herald. From the reporting, it’s not clear to me what data types were so “sensitive,” if the list dealt with deceased individuals. Was there a coded field for diagnoses, or was this coded info for name, gender, location, DOB, and DOD? Granted, any breach is worrying and may make the public less confident, but what, exactly, in this particular breach was so sensitive that families of the deceased might need to be notified? Does anyone know?
h/t, @VERISDB