Health Minister Andrew Little said the Waikato District Health Board is contacting patients whose personal information has now been dumped online after a ransomware attack in May.
Few promised to “conduct a full and independent investigation” into what appears to be the most serious cyber attack in the country, during an emergency debate in Parliament.
Things Tuesday morning I learned that documents appearing to be from the Waikato DHB have been posted on the Dark Web.
The list of documents suggested that it included folders containing information about patients as well as information about the staff and finances of the National Bank of Dubai. Things Did not access the data to verify the contents.
* Waikato DHB hack escalates into a national crisis, Wellington top officials meet
* Waikato DHB seeks to contain a cyber attack, and the safety of patient data is unclear
* The New Zealand company is helping the Irish Health Service recover from a ransomware attack
*DHB attackers likely threaten to release patients’ health records, experts say يقول
Brett Callow, a threat advisor at Nelson-based cybersecurity firm Emsisoft, said the information appears to have been dumped by an organization called the Vice Society which may have been also known as HelloKitty.
Little emphasis was placed on unpacking the document.
“I want to express our thanks to the patients and staff whose information the Waikato DHB office kept, and who are now putting this information at risk,” he told Parliament.
He said the Waikato DHB had a system for calling patients to let them know the nature and extent of information about them that had been compromised.
He said DHP was working with the victims to provide them with the necessary support.
“In addition, people have the right to go to the Office of the Privacy Commissioner and exercise their rights under the Privacy Act.”
Few said cyber attacks were “the reality of the world,” noting that Ireland’s health services also suffered a massive ransomware attack days before Waikato DHB discovered it had been attacked.
He said DHB is still recovering from the May attack.
He said many systems are back online but “there is no doubt that they are not back to normal yet”.
One source suggested that the Waikato DHB has an unusually high percentage of software systems waiting for critical software patches, which could potentially make them more vulnerable to attack.
DHB has been contacted for comment.
Few promised an investigation once the DHB recovered.
“There will be – because there should be – a proper independent investigation into the state of the system prior to the ransomware attack and the quality of the response to it,” he said.
“Only at this point will we have an understanding of how vulnerable this system is, or whether it was the DHB that did all that was expected of it,” he said.
Little has been said before that DHB will not pay ransom to criminals who hack it.
National Party communications spokeswoman Melissa Lee expressed strong support for this position.
“I applaud the government for not bowing,” she said.
But Lee questioned whether it had funded cybersecurity enough given the extent of the attacks.
“Why didn’t this government enhance cybersecurity resilience through its budget process?” She said.
She said Australia had done so by increasing the budget by A$1.6 billion (NZ$1.7 billion) this year.
Calo said the threat to release the data was used as additional leverage to force payment.
“Organizations in this situation do not have good options,” he said. “They had a data breach, and whether they pay or not, it can’t be undone.”
He said Emsisoft has no insight into who created the HelloKitty ransomware or where it might be based.
“The ransomware is likely to be sold as a source code set, and thus may be used in a renamed form by multiple threat actors.”
He said that the program did not contain weaknesses in the encryption.
“Thus, the only way to recover encrypted files is to restore them from backups or push the order.”
Callow is among a growing number of cybersecurity professionals who have called on governments to ban or facilitate the payment of cybersecurity ransom to try to make attacks less profitable, describing the current situation as a “mad frenzy” for criminals.