Patients, staff affected by Waikato DHB cyber attack contacted

NZ Herald
Publish Date: Fri, 28 May 2021, 2:37pm
Ministry of Health's boss of data and digital Shayne Hunter (left) joined DHB chief executive Kevin Snee and executive director of hospital and community services Chris Lowry. (Photo / Belinda Feek)

The Waikato DHB is working alongside experts, and the privacy commissioner, to ensure all obligations were met to notify those affected by last week's cyber attack.

The Ministry of Health's boss of data and digital Shayne Hunter joined DHB chief executive Kevin Snee and executive director of hospital and community services Chris Lowry for today's update, 10 days after the attack, which has left staff resorting to pen and paper to get patients through their doors.

"We are currently aware that a limited amount of patient and staff data may have been impacted in the incident," the DHB said in a statement.

"We are taking urgent steps to review the impacted data and we will be in direct contact with any affected individuals."

There is a dedicated 24/7 helpline on 0800 561 234 for concerns or questions and 11 calls were received yesterday. All queries were privacy-related, the DHB says.

Plans were in place in Tauranga and Wellington for 62 patients currently undergoing radiation therapy treatment.

Snee said they were hoping to have radiation services up at the end of the week. It won't be at full capacity but Tauranga and Wellington hospitals will help.

Snee said data was being analysed by security experts and police. He wouldn't provide numbers of patients or staff affected by the data leak.

He reassured people that the Covid tracer system was unaffected, as was the vaccination programme.

Lowry said the emergency department saw high volumes of people, with 200 in Waikato ED and 291 across all sites. She asked the public to remember to use the ED for emergencies only.

As for elective surgery, 104 had been completed. Four cardiac cases had been referred to Auckland.

"We are working with Auckland who have been very supportive... and also looking at what private capacity we have got."

The acute demand on services is an area the DHB was focussing on, she said. "That's to ensure that we are able to maintain timely access for services."

Hunter outlined the support offered by the Ministry and the steps it is taking around cyber security.

The ministry was providing support, helping to convene a number of agencies, and helping with the national coordination of the DHB system where it needs help.

In terms of Waikato's handling, he said DHBs were no different to anybody else when it came to cyber attacks. Protection of data systems is something that all DHBs take seriously, including Waikato.

One of the biggest areas of increase has been malware.

"I have been very impressed with conversations I had with staff ... remedying and delivering services under pretty trying circumstances."

He said the DHB had good backups for its data. On cyber security, all those involved in IT were motivated to keep information safe but had to acknowledge that it wasn't possible to keep information 100 per cent safe.

There were many questions that would come out of the attack and the work that was being done, Hunter said.

"Things will be clearer over time."

Immediately after notification of the attack, the ministry advised staff to be vigilant in their online activity, including when clicking on email attachments, and ensured privacy was up to date.

The ministry is working with DHBs on a maturity assessment which will help detail targeted investment around cyber security.

The attack reinforced the need to review and improve cyber security protections.

"They will find all sorts of ways to get through our defences."

Hunter said they were in contact with the DHB as soon as they were notified and were helping out "from the get-go".

They were working to support the DHB in terms of advice but weren't doing the hands-on work.

Snee said other organisations had been taken out by cyber attacks and it was unfortunate health was a target.

Asked about progress that had been made, Hunter said the DHB took steps to protect themselves from further infection and had been going through a methodical process. "From our point of view they're making good progress."

All DHBs had been asked to monitor for activity which would suggest an imminent attack or phishing and also be prepared if someone was successful.

Snee said, in regards to services, they had put a lot of work into getting radiation back on track, which would happen in the middle of next week.

As for the scale of the attack, Hunter said this would be the most significant attack that has happened on any organisation.

"It's pretty clear that this is quite a significant attack on the DHB."

As for the permanent loss of data, Hunter said it was early days and didn't want to comment at this stage.

Hunter accepted that not having access to IT information did put pressure on the system.

Snee said PHOs had been working closely with the DHB. There had been some problems getting communication in the early stages but they were being told about the limitations the DHB was working under.

Snee said they were in the process of contacting patients whose information was leaked to media, and this was likely to be done today.

As for the pay cycle, there were "some issues" with the processing on Wednesday and he expected that to continue but it was a better pay run than last time.

As for community services, they were still operating but had limitations in regards to accessing information, Lowry said.

Snee accepted the attack and restoring services was a "huge task" but keeping the system running, patients safe and staff morale high, was a "really big job and that's why staff have been working long hours to get this sorted out".

Hunter reiterated that cyber criminals were criminals and their motivation was money.

"It's a game of cat and mouse to be frank. Everything we do is to try and stay ahead of them."

As for a merged national health system, Hunter said it wasn't a centralised model with centralised systems; that was still being looked at. For a range of reasons, he never believed all data would ever be held on one system.

Snee said any change to the abolition of DHBs would be slow and happen over time.

As for the process to get the system up and running, Snee said it was their job to ensure that the system was "cleansed" of any issues and then re-built better than it was before.

When it was rebuilt it would be aimed to be better than before.

No complaints from staff, patients, health minister says

Health Minister Andrew Little says there's "still a long way to go" in finding out how Waikato DHB was left crippled by a cyber attack.

Little met with staff and patients this morning and assured the public the DHB was being given added Ministry support, not only with IT and data but also to ensure it was being well managed while the system remained down and that patient safety was not being compromised.

Little said he'd been told the DHB was making good progress in fixing the issue but there was still "a long way to go to find out what happened".

Asked whether staff were frustrated, Little said it was understandable for the incident to add stress to staff but they were handling it remarkably and had adapted to do what they do.

"They're doing a remarkable job. They're getting through procedures, people are still turning up to ED."

However, he couldn't give any assurance about whether the country's hospitals were safe from another attack.

"There's no such thing as a guarantee against cyber security attacks, they are a reality of the world today.

"What we need to do is make sure that as the systems are reinstated and restored is that the best possible protective measures are put in place so that if it does happen again we don't see this level of disruption that's been caused by this."

Asked about whether the DHB had spoken of its security vulnerability prior to the attack, Little accepted the systems were "reasonably old", which was why the Government put money in their latest budget towards upgrading health systems.

He said he had asked other DHBs to look at their systems and provide an assurance to the director general of health that all the protective measures are put in place and that they were resilient to an attack.

"The assurances have been coming in, we're wanting the same from the PHOs as well, 17 have provided that response and the Ministry is working with the remaining 13."

He said he was not worried about patient safety being compromised due to the cyber attack; all the systems were operating, and the hack was about their data.

None of the patients he had met today had expressed any concern about their safety either, he said.

"They haven't expressed any worry to me about it, they are satisfied that they can still come here and get their treatment, some have been transferred but most are here ... and are appreciative of the support they're getting."

The hospital was operating "well and safely even if it is below par".

There was a sense that they would continue operating this way for "some time more yet".

As for an under-funded health system, Little said it had been "under-invested in for a long, long time".

"Many, many years under the previous government. There were two years where there was no money spent on capital expenditure for our health system, whether it was buildings or it was IT systems.

"We have been in recovery mode since we've been in government.

"We put $5 billion into buildings, hundreds of millions into IT systems and another $380m last week alone. We are doing our best to catch up."

He said the cyber attack wasn't just a wake-up call for other DHBs, it was "for any organisation with a reasonably sizeable computer network".

"Cyber attacks are a reality and it is for any reasonably sized computer network to make sure that they've got protective measures in place and are resilient."

As for how it was doing prior to the attack, that would be assessed in an independent review once the hospital was back up and running as normal.

Snee and Lowry yesterday confirmed patient and staff data sent to media from the hackers was genuine.

Hundreds of appointments and surgeries have been deferred as a result and some seriously sick or cancer patients are being sent to other hospitals around the country for treatment.

Several media agencies, including the Herald, were contacted by the group claiming responsibility for the cyber attack, via an email with attached files containing patient and staff information. The Herald has provided the email to police.

The Government has already confirmed it would not pay any ransom to the hackers.