As a monthly newspaper we don’t usually delve into stories that are likely to be rapidly changing before we go to print. But given the focus of our issue this month is on developments in hi-tech, the problems bedevilling our close neighbours in Waikato did catch our eye.
In addition, members of our staff have been personally disrupted by the chaos that has resulted from the hacking. If nothing else, the latest hacking demonstrates just how vulnerable we can all be to cyber intrusion.
Radio New Zealand has already reported that there is widespread alarm about what might happen to highly sensitive patient and staff information from Waikato District Health Board.
A group purporting to be responsible for May’s cyber attack has emailed some media saying it has personal information of patients and employees and scores of records and documents containing names, phone numbers.
When we went to press minister of health Andrew Little was refusing to speak directly on the matter, issuing only a statement saying ransomware attacks were a crime. He has been in touch with the Waikato DHB Commissioner Dame Karen Poutasi about any assistance the DHB requires.
“There is an active police investigation. Other agencies such as the NCNS [National Cyber Security Centre] and the Privacy Commissioner continue to support the DHB,” the statement said.
Cyber experts say the danger is the hackers could sell the data to other cyber criminals, which could then be used to scam the victims, but whether a ransom was paid or not there was still no guarantee the data would be secure.
National Secretary for APEX Union and the Resident Doctors Association, Deborah Powell, described it as “just low-life behaviour”. Staff at the DHB were already dealing with the stress of the fallout of having the whole IT system compromised, and Powell said “the way we react is important here…”.
Waikato DHB chief executive Kevin Snee said the DHB was constrained by what it could say. “We can’t comment as it’s a matter of police investigation and we are aware that public commentary can be monitored by the malicious actor so we will not be commenting any further.”
RNZ’s checkpoint quoted reporter Phil Pennington, who has reviewed the documents, said: “It would be a very big exercise indeed to fake something like this, it does appear that they do have sensitive patient information … there is a lot of it.”
We would respectfully point you to our tech section and urge that you ensure all of your systems are secure.