Hackers claim access to NHF client data, Tufton confirms

Jamaica's Health and Wellness Minister Dr. Christopher Tufton has confirmed that a hacker group contacted the National Health Fund (NHF) claiming to be in possession of confidential information belonging to some of the agency’s clients, as investigations into a cyber incident affecting the organization continue.

Speaking at Wednesday's post-Cabinet press briefing at Jamaica House, Tufton said the NHF had received communication from individuals claiming responsibility for the breach, but stressed that the authenticity of the alleged stolen data has not yet been verified.

“There has been some communication from some deviant around this breach,” Tufton told journalists. “The NHF has confirmed receipt of a threat from a hacker group claiming to have access to some of the data. It's not yet confirmed. Even though they have indicated some of the data that they say they have, it's not yet confirmed.”

According to the minister, the information allegedly accessed relates primarily to medication records and details regarding beneficiaries' use of prescription drugs through the NHF.

“It's confidential data. We don't reveal our history of medication administration and we do get attacks on a daily basis, just as the banks do and so on,” Tufton said.

He noted that enough evidence had emerged from the incident to require formal notification to the Office of the Information Commissioner (OIC), in keeping with Jamaica's data protection requirements.

The NHF later confirmed that investigations remain ongoing and that it is working closely with cybersecurity experts and law enforcement authorities to determine the scope and impact of the incident.

The agency said its cybersecurity consultant and the Major Organised Crime and Anti-Corruption Agency (MOCA) are assisting with the investigation, while an initial report has already been submitted to the OIC.

Despite the breach, the NHF emphasized that its services remain fully operational and that beneficiaries continue to access medications and other benefits without interruption.

“Just to assure the public that the immediate steps have been taken to reinforce security protocols, and hardening of the organisation's security posture is ongoing,” Tufton said.

In its statement, the NHF said it has contacted all stakeholders identified as potentially affected based on information available as of June 10 and continues to assess the situation while implementing additional safeguards.

The agency also revealed that it recently engaged an international cybersecurity firm as part of broader efforts to strengthen its digital defenses amid increasingly sophisticated cyber threats worldwide.

According to the NHF, several organizational and technical security measures have already been implemented, with additional protections scheduled to be rolled out as the investigation progresses.

The agency reiterated its commitment to transparency and protecting sensitive personal information entrusted to it by Jamaicans.

“The NHF understands the importance of safeguarding the personal information entrusted to us. We remain committed to protecting the privacy and security of our stakeholders' data and will continue to strengthen our systems and security measures in the face of these growing cyber threats,” the agency said.

Authorities have not disclosed the number of individuals who may have been affected, and officials say efforts to verify the hackers' claims remain ongoing.