There has been a hack of one of our district health boards. This has meant that many procedures have been cancelled, that access to cancer treatment is challenging, to the point that the leader of the opposition suggested we should send patients to Australia.
A Government-ordered review will take place after the ransomware attack on the Waikato District Health Board last week is finally resolved.
Resolution of Waikato DHB ransomware attack ‘some weeks away’Play Video07:05
Andrew Little says a total of 680 servers need to be recovered before the DHB is out of the woods. Source: Breakfast
Health and GCSB Minister Andrew Little told Breakfast today a review would be carried out to determine whether basic maintenance was being done on the DHB’s IT systems. Little also remained adamant he’ll be around to oversee it, despite calls this week for him to lose his two prominent portfolios.
“I’ve heard the suggestion, but I’m not going to resign,” he said bluntly, without offering further explanation.
The response to the cyber attack was stepped up yesterday, with the situation escalated to a national crisis, after authorities realised patient data had been taken and circulated to New Zealand media.
Little said one question a review could answer is whether the DHB system was configured as well as it could have been.
Little pointed out the DHB’s parking system, emails and radiology oncology service were all connected.
He agreed with the DHB that sending cancer patients to Australia as part of the response — a measure suggested yesterday by Opposition Leader Judith Collins — was a “matter of last resort”.
Little said travel for cancer patients and their families to other regions of New Zealand has been disruptive enough already without having to go overseas.
The problem is security, and it’s fair to say that the DHBs have a limited budget, so IT services are being considered instead of hiring nurses or more surgeries. This means that the infrastructure gets… worn. Our system is socialist: the government funds it and the government is trying to dodge accountability. But their feet are being held to the fire by Meilssa Lee, one of the opposition MPs.
The reason I am so concerned about our cyber education is simple; the Internet is our new border and we are at a growing risk of malicious damage to our nation through online actors then we are now through our airports, particularly during COVID times. Millions upon millions is lost out of our economy due to the damage that one email with a virus can contain and we must do more. The State has to take far more responsibility as our democracy, our health and ultimately, our lives are now at risk. It is not hyperbole to say that when clinics and hospitals across the Central North Island are facing one of the greatest crisis our nation has seen.
At the start of this Parliament I called for a Briefing on Cybersecurity to be instated before our Select Committees. It took several months but it finally began a few days ago, I’m hoping in light of the ongoing situation in the Waikato I will get this Briefing extended to more widely address the ramifications of this assault on the health of the Central North Island and I hope my Committee colleagues will support me on this.
Where is the Ministerial accountability? David Clark, the former Health Minister turned Minister for the Digital Economy and Communications, who was asleep at the wheel during COVID-19 is clearly also asleep at the wheel despite being the Minister in charge of cyber security policy. David Clark confirmed to me in Parliamentary Questions neither he nor his officials, which cover cyber security matters, have given any advice towards Cybersecurity or ICT Operations to the DHBs. Here it is again unedited:
As Minister for the Digital Economy and Communications, neither I, nor my officials, have given any advice to District Health Boards regarding cyber security.
What an outrage. Either something is fundamentally wrong in the answer given or his team hasn’t even sent some posters for the offices of our DHBs . I’ve been asking the questions, about 900 cybersecurity specific ones of the 3572 I’ve lodged as of Tuesday. Apparently I’m the most prolific MP so far of this Parliament and that’s not a good thing; it’s ridiculous I have to ask so many questions when this Government is failing to deliver and now our digital borders are being breached near constantly.
Ultimately, this situation goes beyond the Labour Government not doing their job. It is seeing individual New Zealanders being harmed at their most vulnerable being forced to travel the length of the country for medical treatment and with growing anxiety about what unknown hackers know about their personal lives.
We all need firewalls and VPNs. Casa Kea has a hardware firewall connected to the router: and in addition we use a VPN. This is not because I’m that worried about the woke: they will find all of us guilty of some microaggression. It is because I don’t want to delete everything and start from bare metal again, which I am capable of doing — this is the 4th blog because of such.
But this is not patient data. No one wants the world to know their cholesterol, or more intimate data. Andrew Little is talking about a national electronic health record. He should consider the situation in Ireland, where the data has value, to the point that the hackers have gifted their health care system with the tools to restore the system now they have scraped out of it all the information they can sell.
It is bad enough if you have some form of dam to keep the hackers and the dark web away. We did not have that. The DHBs did not have the intelligence from the government to allow them to develop that. And now, whatever dyke is keeping the ocean away from our data is crumbling.
And they want to regulate the interwebs when they can’t keep what should be private, confidential.