Wellington, NZ residents woke up last Saturday to the unpalatable news that local primary health organisation Tū Ora Compass Health had its IT system hacked four times over the last three years, and it is unlikely it will ever know if patient information has been accessed.

Two of the hacks appear to have been old-fashioned defacing of websites by a malicious hacktivist, but the other two may prove to be a bit more serious. While PHOs don't hold patients' medical data, they do keep records of people who are enrolled at general practices in the region, their National Health Index number, and their name, date of birth and address. That is all very valuable information for identity fraudsters.