Cyber uplift slashes attack response times

NEWS - eHealthNews.nz editor Rebecca McBeth

A programme to improve national cybersecurity capability following the Waikato cyberattack has slashed response times to high severity events and meant the system was not significantly impacted by the CrowdStrike outage. 

The national Cybersecurity Uplift Programme was launched to address critical security gaps identified in the aftermath of the 2021 Waikato DHB ransomware attack. 

The three-year programme finished at the end of June 2024, and a further two years of funding has been provided to maintain the maturity achieved so far. 

"At the end of that incident, the lessons learned were worked through, and we found we had a number of gaps in our security posture and our ability to protect ourselves at the district level," says Health New Zealand - Te Whatu Ora chief information security officer (CISO) Sonny Taite. 

One of the key milestones of this program was the establishment of the National Security Operations Centre (SOC), which became fully operational by the end of 2023. This brings together cybersecurity experts from across the country's 20 former districts.  

Speaking on the latest episode of eHealthTalk NZ, Taite says this centralisation of expertise and resources has enabled Health New Zealand to monitor and respond to cyber threats more effectively.  

“Our SOC receives thousands of security events every month," Taite says. 

"We categorise those events into high severity and those events to be noted. Our team targets a 15-minute response time for high-severity alerts and serves as one of our first lines of defence against cybercriminals. 

“The speed of attackers nowadays is so fast that we always need to be getting better and better, using all of the tools at our disposal and continuing to innovate.” 

Health NZ moved to a standardised security product and platform through 2023, reducing the coverage and impact of the CrowdStrike outage in July which crashed millions of Windows systems worldwide.

“If we had not done that work we would have had quite significant impact and disruption on the health system,” Taite explains.

The cybersecurity team also delivers an ongoing education and awareness programs aimed at the 90,000-strong workforce in the healthcare sector. 

"We have been spending a lot of time building awareness across our workforce because of the constant load of phishing and scam emails that attempt to trick our staff into clicking on malicious links," Taite says. 

“We have made a lot of progress since the Waikato incident where we did not have those capabilities: there was no national SOC or many of the services we now have in place.” 

Hear more from Sonny Taite in the latest episode of eHealth Talk NZ.

Return to eHealthNews.nz home page