A large cyber attack has caused chaos in the New Zealand healthcare system over the past few weeks. Multiple hospitals in New Zealand became crippled due to locked phone lines and computers from a large ransomware attack. Though the ransom note didn’t contain a dollar amount the note indicates a “ransomware event” according to the head of Waikato’s district health board Kevin Snee. In another interview he said, “It’s probably the biggest cyber attack in New Zealand’s history. We are dealing in uncharted territory here.” News outlets just today reported the group that attacked Waikato healthcare system released “documents, records, and phone numbers and addresses of patients and hospital employees” to them in an apparent double extortion attempt. We have yet to see any of this information on the darkweb but we expect the group will release the private data at some time in the future.
Nurses couldn’t look up patient information due to this attack. Nurses and doctors resorted to pen and paper and asking patients what they came for and who they came to visit. The hospitals postponed many elective surgeries and transferred patients to other facilities. The hospitals have also asked patients not to come to the emergency room due to long delays unless they need immediate care for a life-threatening injury.
Investigators have not released how the group that hacked the hospitals first got access. In most cases like this one the malware starts as an email. Users tend to create the biggest holes in a network’s security. We shouldn’t blame the user who opened the email but encourage users to notify investigators of the issue. Administrators and security experts have the responsibility to teach users about suspicious emails and perform evaluations of users with periodic tests. Any security system must have a layered defense that includes the user.