NZ spy agency assisting Waikato DHB after cyber attack/ransom demand

The nation’s spy agency has been scrambled in the aftermath of a crippling cyber attack and ransom demand that has brought Waikato District Health Board services to their knees.

But the DHB is adamant that no ransom will be paid to hackers who have launched a targeted attack on the organisation’s IT services today.

A spokesman for the National Cyber Security Centre (NCSC) – a branch of the Government Communications Security Bureau (GCSB) – told the Herald staff were providing support to Waikato DHB following today’s attack.

The spokesman said the NCSC’s role was to help protect New Zealand organisations of national significance “from advanced, persistent, primarily state-sponsored, cyber security threats”.

The agency did not usually divulge whether it was involved in specific incidents.

“We are very conscious that malicious cyber actors can monitor public commentary on an incident and for this reason, while the investigation and remediation efforts are ongoing, we will not provide additional details regarding its cause or the response to it.”

DHB chief executive Kevin Snee told Stuff “no ransom will be paid” and he did not know who was behind the attack.

Cyber security expert Bruce Armstrong told the Herald he believes it is a ransomware attack on Waikato DHB from Asia or the Middle East, similar to what has hit the Irish health system in recent days.

He believes it is similar in nature to the DDoS attacks that rocked the New Zealand Stock Exchange (NZX) last year and overran its system for days.

“Health organisations are highly prized as targets globally and health industries throughout the world are the most attacked and most expensive type of attacks that happen,” the Darkscope founder said.

“The normal pattern is they will warn the organisation they will do it, and run half an hour DDoS attacks, and if the ransom is not paid they will attack for hours at a time.

“The attack on the NZX played out over three days before they were able to completely stop its effect on their systems.”

He said ransomware attacks are not targeting patient data and the only interest is to get money from the organisation.

“It’s purely commercial … they’re just doing it to take money from the organisations that they’re attacking,” Armstrong said.

“It’s a game of cat and mouse. Unless defence systems can get better we will see them happening throughout the world.”

The major cyber security attack has been described as “mayhem” and could take days to fix, a union representing doctors says.

Clinical services across all Waikato public hospitals have been seriously affected by the cyber security incident, with all phones and computers down.

Waikato District Health Board has set up a coordinated incident management system to try to resolve the situation as soon as possible.

The DHB said it was experiencing a full outage of its information services.

Clinical services at Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui hospitals are all affected to varying degrees.

“We have engaged external assistance to address a cyber security incident affecting our Information Services environment,” the DHB said on its Facebook page.

“We are at the early stages of identifying what has happened, and are unable to provide further detail at this stage while we investigate the incident. The appropriate government authorities have been advised of the situation.

“We are uncertain how long it will take to resolve this situation, but we are working hard to get our services back online.”

The DHB said all patients in hospital were being well cared for, but some outpatient clinics had been cancelled.

It said people affected by this would be contacted to rebook their appointments.

A staff member at Waikato Hospital told RNZ it was chaos there as nothing was working.

The staff member said they had been told it could take three hours or longer to fix.

A union representing doctors said those working at Waikato hospitals and clinics had described the ongoing systems outage as “mayhem”.

The Association of Salaried Medical Specialists said doctors had described how they were only going ahead with operations if they had printed patient notes.

The union said staff had been told the outage could take days to fix.

The DHB asked people to only go to Waikato Hospital Emergency Department for emergencies, so it could continue to provide critical services to patients.

People trying to contact patients should consider using personal mobile phones where possible in the meantime, it said.

'Attempted cyber incident'

The Ministry of Health (MoH) said the “attempted cyber incident” occurred overnight and all the internal systems, except for email, were temporarily shut down.

MoH group manager Darren Douglass said the outage was affecting all clinical services across the region’s hospitals.

The Waikato DHB was working closely with the MoH and IT partners, he said.

“While this outage affects all Waikato DHB computers and phones, disruption to outpatient services is being kept to a minimum. Any services that have had to be postponed will be rescheduled and Waikato DHB will be contacting patients to make those new bookings.”

CERT NZ – the Computer Emergency Response Team – said it could not comment.

“Because of the sensitive nature of the reports made to CERT NZ and the need to maintain confidentiality, we don’t disclose whether or not an organisation has made a report to us. We encourage you to speak to Waikato Hospital directly.”
