Sign In | Join HiNZ
eHealthNews.nz: Information Governance

National programme to significantly lift health security level

Thursday, 7 July 2022  

NEWS - eHealthNews.nz editor Rebecca McBeth 

The National Cyber Security Uplift Programme is looking to significantly increase the security level of New Zealand's health system.

An update from the programme says a long-term lack of investment in IT systems and software has left the health system vulnerable and the national cyber security uplight plan seeks to mitigate that risk.

The government has committed up to $75 million over three years to improve cybersecurity for the health and disability system.

The statement from the Te Whatu Ora, Health NZ cyber security team says this programme of work “began in earnest” in late 2021 and recently appointed the country’s first primary health chief information security officer (P-CISO) Nancy Taneja.

A security assessment of the Ministry of Health and DHBs was based on 10 building blocks which provide a foundation of cyber security maturity. The ‘blocks’ were defined in reference to the NZ Information Security Manual.  

You’ve read this article for free, but good journalism takes time and resource to produce. Please consider supporting eHealthNews by becoming a member of HiNZ, for just $17 a month.

This cyber security maturity uplift challenge has been divided into three core areas for improvement.

‘Improving sector capability’, including bringing in more cyber security skilled people to the sector, the refresh of the Health Information Security Framework to suit multiple user types in health and awareness and training for people working in the sector.

‘Sector protect’ will build system and network defences against attack or to reduce the impact of a successful incident. The biggest of these is the introduction of Microsoft E5 tools which better protect and defend against human error and successful breaches with little impact on IT users.

‘Sector detect, respond and recover’ focuses on managing vulnerabilities, increasing visibility across IT systems and of threats while building a fast effective response to attacks.

Waikato DHB was hit by a ransomware attack on May 18 causing a full outage of its information services across the region. Patient and staff details were stolen then later posted online by the cyber criminals.

The Cyber Security Uplift Programme statement says the use of IT and data sharing is increasing in health and “the Government and health providers have no appetite for another ransomware attack of the scale and impact that Waikato experienced.

“As part of New Zealand’s critical infrastructure health is a frequent target by state actors and criminal hackers. We need to do everything we can to minimise the risk of another attack.

“Our people are our greatest strength in delivering better health outcomes whilst also providing the most likely gateway for attackers. Building awareness and understanding of cyber security risks and behaviours or actions to reduce them will be our strongest defence."


To comment on or discuss this news story, go to the eHealthNews category on the HiNZ eHealth Forum

Read more Information Governance news

Return to eHealthNews.nz home page


« Back to Index

Contact Us

Health Informatics New Zealand

PO Box 300125,
Albany, Auckland 0752


assistant@hinz.org.nz

Quick Links

Social Media

Search