19 May 2021

Cyber attack at Waikato hospitals: Patients anxiously wait for updates

9:35 am on 19 May 2021

Patients whose surgery was cancelled because of the cyber attack affecting Waikato hospitals are anxiously waiting to find out how big the disruption will be.

The cyber attack affected systems at Waikato Hospital (pictured) and Thames, Tokoroa, Te Kuiti and Taumarunui hospitals. Photo: RNZ / Simon Rogers

The ransomware attack on Tuesday crashed Waikato District Health Board IT systems including computers and phones, affecting Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui hospitals.

Waikato DHB chief executive Kevin Snee said it was thought the attack entered the system through an attachment in an email.

Most elective surgery has been cancelled along with outpatient clinics, and people have been told to stay away from Emergency Departments if possible.

One patient, Tony, was flown from New Plymouth to Hamilton for an operation on his leg scheduled for yesterday and was told at 5pm it wasn't going to happen.

"I've been nil by mouth all day so no food or anything - a bit stressing," he said.

"Nothing I can do about it, just got to sit in line and wait - there's other people probably more urgent than me - just got to take it as it comes."

Another patient waiting for surgery, Vaughan, said that when the cyber attack happened the wifi went out and then it was chaos.

"It was quite funny watching everyone having to resort to paperwork.

"Everyone freaking out ... it was a bit of a nightmare for them.

"The receptionist was just pulling their hair out.

"Couldn't even get a coffee because the cafe here, it doesn't work on cash, it's cashless."

Both patients were full of praise for the staff who they said did their best in difficult circumstances.

"They did the best they could with what they had in front of them, they all worked together, everyone trying to help everyone else out and make the best of a bad situation," Vaughan said.

A doctor who worked through the mayhem, who asked for his name not to be used, said people coped in the emergency but the issues have to be resolved.

"When times come where we have to struggle and cope with different barriers that arise we just rally together so the morale for now is pretty good," the doctor said.

"But you know, these issues have to be dealt with pretty soon or else that will change."

DHB systems being built back up - chief executive

Snee told Morning Report several hundred outpatient appointments and "quite a number" of elective procedures had to be cancelled.

Patients who needed urgent procedures were dealt with at Waikato Hospital or sent to other DHBs.

The hospital has not had full access to patient records, but expected this to improve today with work done to facilitate access.

"I'd expect some disruption until the weekend but I think what you'll find over the next day or two is slowly but surely more services come on online."

Cyber security experts were isolating the problem and building the system back up.

"So that one bit at a time the system gets back up and running."

Snee said the DHB had done a lot of work over the last year in improving the security system.

He said the assumption was the attack entered the system through someone opening an email attachment.

"It appears to have been attached to an email, that's our current working hypothesis."

New Zealand Telehealth chairperson and former clinical director of information services at Waikato DHB, Dr Ruth Large, told Morning Report the situation was challenging for all concerned and that systems needed to be revised in light of the attack.

"All of our DHBs are all very aware of the security that is required to protect our patients and I think we're going to need to figure out where this one came from.

"It is important to remember that the malicious intent has come from elsewhere. If we are trying to apportion blame, that sits with the international sphere, which allows this sort of activity to happen."

She said the DHB computers had been put into quarantine until it could be determined how far the virus had spread.

Resident Doctors' Association and Association of Professional and Executive Employees (APEX) national secretary Dr Deborah Powell said it was her understanding the cyber attack was a type of ransomware called 'Conti' - the same used in an attack on the Irish Health Service which had to shut down its IT system to protect it.

The Irish Independent's business editor Donal O'Donovan told Morning Report attacks against the national health service and wider infrastructure were ongoing, since an initial attack last Friday.

"We've had really severe disruption to the health system, nationally, right across the country," he said. "It's a Conti malware attack believed to be by a group called the Wizard Spider, a Russian criminal gang. It is a criminal act and there is a ransom request and the government here is refusing to pay it."

The gang have threatened to release a wealth of personal information kept by the state's health service.

"Police are looking at a threat whereby the hackers have said if the ransom isn't paid people's personal information is going to be dumped into the dark web and obviously there's a lot of very sensitive information in people's medical files."

In 2009 the Conficker virus caused major disruption at Waikato DHB, shutting down more than 3000 computers for up to four days.

Cyber security expert Daniel Ayers said the public sector needed to start doing things differently including properly managing online security.

Ayers said the key factor of the ransomware is that it practised "double extortion".

"The first phase of the extortion is it's encrypting your files - 'give us your money or you won't get your files back' - but before encrypting the data they take a copy of it.

"The second phase of the extortion is if you don't pay them more money they are going to leak their files publicly, and if that happens to a healthcare organisation it's a very serious threat indeed."

Snee said to his knowledge there was no double extortion threat, and this was primarily a demand for money.

"Government policy is that we never pay ransom, one I wholeheartedly agree with."
