$75m to improve cybersecurity in health

eHealthNews.nz: Information Governance

Monday, 17 January 2022

Share |

NEWS - eHealthNews.nz editor Rebecca McBeth

Govt invest cyber Up to $75.7 million will be spent on improving cybersecurity for the health and disability system to better protect sensitive health information.

The funding will be invested over 3 years on upgrading existing software and systems, establishing national security standards and guidelines, strengthening assurance and testing capability, and increasing the use of cloud security services.

A national Chief Information Security Officer (CISO), a primary care CISO and 10 further cybersecurity FTEs will be recruited to lead on and manage cyber risks.

Shayne Hunter, deputy director-general, data and digital says the number and sophistication of cyber-attacks is increasing globally and healthcare is one of the most targeted sectors.

Waikato DHB was hit by a ransomware attack on May 18 causing a full outage of its information services across the region. Patient and staff details were stolen then later posted online by the cyber criminals.

Hunter says that while all 20 DHBs are making progress with increasing the resilience of their systems to reduce the risk and impact of events like the Waikato cyber-attack, “we know that more needs to be done”.

He says it is not possible to eliminate cyber risks altogether, but the extra funding will help minimise the risk of disruptions to healthcare services in the event of a cyber-attack and better protect sensitive health information.

“Our health and disability system is critical national infrastructure that will only become more dependent over time on digital technology and information sharing across health networks,” he says.

“This contributes to better patient care and health outcomes but increases the risk presented by cyber threats.”

The Ministry of Health has worked with DHBs to assess the current cybersecurity risks across the sector and prioritise areas for improvement through a cybersecurity roadmap.

The first step in the roadmap is to build a set of core cybersecurity capabilities for hospitals, primary care and community services.

“A focus of our strategy is on sharing resources and capability. A key responsibility of the regional cybersecurity teams will be to help primary care and community providers develop incident response plans so they can continue to provide essential services in the event of a cyber-attack,” says Hunter.

Security leadership and capability is another area of focus with around 10 new roles to be established including regional security leadership roles as well as a mix of security assurance consultants and analysts working in the national security operations function.

eHealthNews reported in November 2021 that New Zealand’s DHB regions were appointing CISOs and three have been appointed.

Delivery of the roadmap will be over three years and governed by a Cybersecurity National Steering Committee, which will include national and regional CISOs along with representatives from the Ministry, the heath sector, the National Cybersecurity Centre and the Government Chief Digital Officer.