A cyber incident can do more than disrupt systems. In healthcare, it can interrupt treatment, delay procedures, strain communication, and create uncertainty for patients and providers alike.
That is exactly what happened when private healthcare provider IntraCare disclosed a cyber breach after becoming aware of the incident on March 20. The organisation took its IT systems offline immediately. As a result, 28 patient procedures were deferred while the company worked to contain the issue and assess the damage. At that stage, IntraCare said it could not yet confirm whether patient records had been affected.
This was not a minor technical fault. It was an operational event with direct patient impact.
IntraCare specialises in image-guided precision medical diagnostics and interventions and treats more than 2,000 patients each year, according to public reporting and its website profile cited in coverage of the incident. When an organisation of that nature loses access to core systems, the impact moves quickly from the IT function to the clinical front line.
More Than a Data Problem
Too often, cyber breaches are viewed only through the lens of data loss. That is too narrow.
In the IntraCare case, the first visible effect was service disruption. Procedures were postponed. Appointments and scheduling faced delays. The provider also said it could not directly contact all affected patients because the database holding contact details had been shut down.
That is the real pressure point in healthcare cyber security. When systems go down, the organisation may lose visibility, speed, and normal communication channels all at once. Clinical teams may still be ready to care for patients, but without access to systems, records, and workflows, delivery becomes harder, and risk rises.
A capable cyber incident response team, a core part of operational resilience, helps contain the threat, preserve evidence, support executives, and guide the business through difficult decisions under pressure.
How to manage supply chain cyber risks in Olympic IT ecosystems.
The Investigation Phase is Critical
IntraCare said independent Australasian cyber experts from CyberCX were engaged to lead a forensic investigation. The company also said it was being supported by government experts, Health NZ, the National Cyber Security Centre, New Zealand Police, and the Office of the Privacy Commissioner. Health NZ confirmed its Cyber Security Incident Management Team was in contact with IntraCare to offer support.
That response matters.
In the early stage of a breach, facts are often incomplete. Leaders want answers, patients want clarity, and regulators may expect prompt engagement. But a rushed statement without evidence can create more risk. A disciplined investigation helps determine what happened, what systems were affected, what data may have been accessed, and what response steps are needed next.
This is where a mature incident response team makes a difference. It brings structure to chaos. It helps organisations contain the breach, maintain chain of custody, support legal and privacy obligations, and plan recovery in a controlled way.
Why Healthcare Remains a Prime Target
Healthcare organisations manage sensitive data, time-critical services, third-party platforms, and complex user environments. That mix creates exposure.
Attackers know that healthcare providers cannot tolerate long outages. They also know many organisations rely on interconnected systems, legacy platforms, and external vendors. That makes the sector a high-pressure target.
The IntraCare incident is a reminder that healthcare cyber security is not only about blocking attacks. It is also about preparing for the moment prevention fails. That means planning, testing, governance, and clear accountability.
It also means regular assurance work. Ethical hacking helps organisations identify weaknesses before threat actors do. Real-world security testing can expose gaps in internet-facing applications, user access controls, remote services, and third-party integrations.
Done properly, it gives leadership a clearer picture of actual exposure, not assumed security.
Compliance Alone is Not Enough
Many organisations still treat compliance as the finish line. It is not.
Frameworks and audits matter, but they must connect to practical security controls and response readiness. In regulated sectors, that includes governance, evidence, and independent review.
For payment environments and broader control assurance, experienced PCIQSA compliance auditors can help organisations assess whether controls are working as intended and whether risk has been addressed in a way that stands up to scrutiny. CGI positions itself in this space as a PCI DSS QSA company with governance, risk, compliance, incident response, and testing capabilities.
Still, compliance on paper does not guarantee resilience in a live incident.
That is why many organisations combine assessment and response planning with ethical hacking, tabletop exercises, incident playbooks, and external assurance. Strong security posture comes from practice, not policy alone.
The Lesson for Business Leaders
The most important lesson from the IntraCare breach is simple: cyber incidents are business incidents.
Boards, executives, clinical leaders, and operational managers all have a role. The right questions are no longer limited to “Are we compliant?” They now include:
• Can we continue critical services during an outage?
• Do we know who leads during a live incident?
• Have we tested our response process under pressure?
• Can we communicate with patients and stakeholders if systems go offline?
• Have we validated our controls through ethical hacking and independent review?
• Do we have access to trusted specialists when assurance and reporting obligations arise?
These are not theoretical questions. They affect patient trust, service continuity, legal exposure, and recovery time.
A tested incident response team should already know its role before a breach happens. External specialists should already be identified. Executive decision paths should already be clear. Waiting until a crisis begins is too late.
Why organisations must assess cyber hygiene during global tensions.
A Stronger Path Forward
IntraCare stated that it was taking steps to prevent misuse of information and that it would communicate openly as more information became available. That is the right direction.
For every healthcare provider and every organisation handling sensitive information, the message is clear. Cyber resilience needs to be built before an incident. That includes response readiness, technical testing, governance oversight, recovery planning, and regular validation by specialists. It also includes practical testing through ethical hacking and support from an experienced cyber incident response team when fast, informed action matters most.
Cyber events do not wait for ideal timing. Preparation cannot wait either.
Need Help Assessing Your Cyber Readiness?
Cybernetic Global Intelligence supports organisations with incident response, penetration testing, governance, risk and compliance services, including support from experienced consultants and PCIQSA compliance auditors.
If you want to strengthen resilience before an incident affects operations, CGI can help you identify gaps, test controls, and prepare with confidence.