Waikato cyber incident ‘contained’ – report in 2022

NEWS - eHealthNews.nz editor Rebecca McBeth

An independent provider to investigate the Waikato DHB cyber-attack will be announced before the end of the year and the DHB says the incident has been “successfully contained”.

The DHB was hit by a ransomware attack on May 18 causing a full outage of Waikato’s Information Services across the region. Patient and staff details were stolen then later posted online by the cyber criminals.

The DHB says it has progressed well through the recovery phase of its incident response process, with most systems returned to full functionality or on standby to be reconnected.

Health Minister Andrew Little said in June that there would be a “full, independent inquiry” into the cyber-attack. A Ministry of Health spokesperson says the review will examine the cause of the incident and whether it could be repeated - either within Waikato’s environment, or another DHB.

“It was always intended the review be commissioned once most of the affected IT networks and systems were fully reinstated, so the respective terms of reference, and associated costs, are yet to be finalised,” the spokesperson tells eHealthNews.

“The third-party provider, commissioned to write the report, is to be confirmed and announced before the end of the year.

"Work on its report is expected to get underway before the end of this year and be completed by the end of the first quarter of 2022."

Waikato DHB says it maintains a considerable number of servers, thousands of end point devices and uses a significant number of applications for specialist clinical services and all these systems required cleansing or restoration, despite server operating system patches being up to date at the time of the incident.

“This has been a rigorous process to ensure only secure and protected systems were recommissioned in “waves” for use by Waikato DHB following the incident,” a DHB update says.

“Currently, our understanding is that the incident has been successfully contained and no longer presents an ongoing risk from a digital systems perspective. Further, Waikato DHB is also not aware of any stolen data being misused beyond the attempt to extort a ransom from Waikato DHB.

“While the primary focus of the incident response process so far has been containment and the restoration of Waikato DHB digital systems, the investigation’s focus has now shifted to reviewing forensic evidence on the sections of Waikato DHB’s digital network that were affected,” the update says.

“The findings from this investigation will be used to improve Waikato DHB’s information security resilience as we move forward from the incident.”

The Ministry of health spokesperson says cyber-attacks are a constant threat and DHBs have robust contingency processes that allow them to continue providing services in a variety of situations.

Following the Waikato DHB incident, the Ministry gave DHBs specific information so they can increase the resilience of their systems and all 20 have now completed that work, the Ministry spokesperson says.

Waikato DHB says it has introduced improved security controls across its digital systems, including process controls. Also, several security reviews have been undertaken, and the DHB is “further strengthening the external perimeter of its digital network”.

The DHB continues to switch to cloud-based services and to recruit IT specialists to strengthen its information security posture.

“Waikato DHB will also work with government agencies, including other DHBs, to share the lessons learned from the incident to support the continuous improvement of New Zealand’s cyber security maturity in the healthcare sector,” an update says.

If you would like to provide feedback on this news story, please contact the editor Rebecca McBeth.

Read more Information Governance news

Return to eHealthNews.nz home page