Waikato DHB hospital services have returned to full functionality following the cyber security incident which affected our systems in May 2021.
We thank our people, the community we support, and our partners and regulators for their support, patience, and understanding while working through backlogs and recovering from the incident.
Waikato DHB also wants to take the opportunity to sincerely apologise to the Waikato community for the added stress this incident caused during a challenging time for all.
We also thank everyone for their patience and support while we worked through this cyber incident.
Further to our previous updates, as soon as Waikato DHB became aware of the incident, our incident response plan was implemented to get our digital systems back up and running and securely as possible.
In response to the Incident, Waikato DHB implemented containment, eradication and recovery measures that impacted the availability of its systems and the services provided.
Using a staged approach to restore services based on their criticality and once they were secure, with clinical systems prioritised.
We were able to maintain 80% of normal activity levels over the two months following the outage. The type of procedures undertaken by the DHB was also different to normal over this time as some services experienced significant disruption while the impact to others was limited. Where patients required urgent treatment which could not be provided at Waikato DHB facilities, care was outsourced.
To address any backlog of care, at this time we have increased outsourcing, increased theatre time, and evening and weekend procedures. We have also resourced additional clinics. The focus is on those patients with the highest clinical priority, where there are potential equity impacts, and where patients have experienced extended wait times.
Below we provide a recap of the ransomware cyber incident that impacted our operations.
What is ransomware?
Ransomware is a type of malicious software used to “lock up” an organisation’s data (e.g. information and files) and interrupt digital systems (e.g. laptops). Where an organisation does not have access to the “key” to unlock the data, it may be required to restore its systems from backups or, where backups are not available, rebuild the systems from scratch.
What does disclosure on the dark web mean?
The impacted dataset was disclosed on the dark web. The dark web is a part of the internet that can only be accessed through special kinds of software. Most dark web websites are not directly accessible via a normal search made through a search engine (such as Google). They effectively hide themselves. They are accessible only if the addresses of those sites are known to the user.
On 18 May 2021, we became aware that some of our digital systems were not operating as usual. We immediately took steps to secure our systems. With the support of our IT team and external cyber experts, we initiated an investigation which confirmed that the outage was the result of a ransomware incident.
Waikato DHB then identified that a set of data was copied outside of its IT environment. This dataset has since been disclosed by a third party on the dark web in June 2021. This dataset contained some personal information.
In response, we have been working with cyber security experts, the Police, the Privacy Commissioner, and the National Cyber Security Centre to investigate this incident and ensure that we take appropriate action.
Waikato DHB has also obtained High Court orders to protect any personal and confidential information that was stolen from further access or publication by media agencies and others.
Has there been an investigation?
Waikato DHB initiated an investigation to contain the incident’s impacts and begin the restoration process as quickly as possible. As part of this process, Waikato DHB also notified the Police and the National Cyber Security Centre that the incident appeared to have been caused by a malicious cyber actor.
Expert forensic investigators and third-party incident response and threat eradication specialists have continued to assist Waikato DHB to investigate the incident.
Waikato DHB remains conscious that malicious cyber actors monitor public commentary on incidents. For this reason, we are not providing additional details regarding the incident’s cause, methods used, the value of the ransom or who may be responsible.
Similarly, the costs of the incident will remain confidential. In part, this is to prevent any malicious actors from evaluating the commercial impacts of ransomware for New Zealand District Health Boards and targeting any other organisation.
Following the incident, Waikato DHB later identified that a set of data was copied outside of its IT environment. This dataset has since been disclosed by a third party on the dark web.
Waikato DHB has conducted a detailed review of the impacted dataset with the objective of confirming who and precisely what personal information has been affected. As a result of this review, we were able to notify individuals who had personal information contained in the impacted dataset.
Waikato DHB has also obtained High Court orders to protect any personal and confidential information that was stolen from further access or publication by media agencies and others. Further, we had no evidence to suggest that personal information has been misused but issued notifications so that individuals can take steps to protect themselves moving forward.
This was done by providing several proactive steps to protect against the potential misuse of information. We also reminded the community that support remains open to anyone who may have any questions or concerns about their personal information following the incident. Listed below are some of the organisations (including their contact details) where further support and guidance can be obtained.
As Waikato DHB completes the final notifications, the Privacy Commissioner will continue to be updated with the notification progress and the level of support provided to the community who have any questions or concerns regarding their personal information.
Again, Waikato DHB sincerely apologies to the Waikato community for the added stress this incident is causing during a challenging time for all.
Below are some of the organisations that are here to support you should you have any questions or concerns:
1. Waikato DHB
If you have any other questions after reviewing this information in this letter, please do not hesitate to contact us at email@example.com. Alternatively, you can contact us at our helpline on 0800 561 234. The helpline is available 24 hours a day, Monday to Friday.
If you have concerns about your information or are seeking additional ways to protect yourself, you may wish to contact IDCARE, New Zealand’s national identity and cyber support community service. IDCARE is a registered New Zealand charity that specialises in working with community members to protect and respond to personal information risks.
You can engage an IDCARE case manager via IDCARE’s ‘Get Help Web Form’ at https://www.idcare.org/contact/get-help, where you can arrange a confidential discussion with a professional at a time that suits you. You can also call 0800 121 068 between 10am and 7pm. There is no cost to you for engaging with IDCARE.
Alternatively, you may visit IDCARE’s ‘Learning Centre’ for further information and resources on protecting your personal information (https://www.idcare.org/learning-centre).
3. Privacy Commissioner
The Privacy Commissioner has been notified about this incident. If you have further concerns, you have the right to complain to the Privacy Commissioner.
You may wish to visit the New Zealand Privacy Commissioner website for further information about your privacy rights and responding to cyber security incidents (https://www.privacy.org.nz/your-rights/your-privacy-rights/).
4. Kaitiaki support
A roster has been set up to ensure 24/7 access to Kaitiaki support. Phone 021 806 171.
5. Other Key contacts
- Waikato DHB general enquiries, including outpatient clinics: (07) 839 88 99 or 0800 276 216
- Privacy questions: 0800 561 234
- Non-urgent health questions: Healthline 0800 611 116
- Emergencies: 111
- Kaitiaki support: 021 806 171
- Media: firstname.lastname@example.org