2 Jun 2021

Waikato DHB ransomware attack: Half of servers restored in past four days

8:29 pm on 2 June 2021

Waikato DHB has dismissed the idea that paying a ransom after its cyber attack would have been easier than having its entire computer system put out of action for such a long time.

Waikato District Health Board notice of outage of systems from cyber attack.

A Waikato District Health Board notice of outage of systems following the cyber attack. Photo: RNZ / Andrew McRae

The ransomware attack was made on the DHB two weeks ago and the IT system is not expected to start coming back on line until next week.

The DHB said while it was making significant process on restoring it, the system included several hundred servers, many major network sites and thousands of work stations.

The DHB had gained a fuller understanding of what happened and how to safeguard against another cyber attack, it said, but chief executive Kevin Snee was still reluctant to go into any detail about it.

"I can say that it was a sophisticated attack which was carried out by people intending to seriously disrupt our service to extort money and I can say that because we understand the problem, we can address the problem," Snee said.

Radiology and laboratory services were expected to be online by the end of next week, and internal systems sooner than that, he said.

"Over the last four days we have been able to restore over half of our servers. We are implementing systems to heighten our security and we are working to restore all of our work stations which should be on the hospital campuses, (and) all of our five hospital sites should be up and running in the next two days."

All systems would be thoroughly tested to check they were secure before being reinstated, Snee said.

Radiation therapy remained the key priority to get restarted and while it was initially thought that would happen by yesterday, Snee expected it would take until next Tuesday.

"That's unfortunate but we now have greater confidence in the timelines that we are posing, so I expect by the end of next week the hospitals will be in a much better state."

The hackers demanded a ransom payment, but the actual figure has not been divulged. Snee said paying up would not have solved the problem.

"One, if you pay the ransom doesn't mean to say it is going to solve the problem. Secondly, this is a business and these are people running a business of extortion. So paying a ransom just feeds that business model. Thirdly, actually my advice is that we would still have to restore from backup, so being given the encryption key isn't going to help."

Patients' Rights Advocacy Waikato chairperson Carolyn McKenzie said despite the chaos, she had received no phone calls from concerned patients.

She thought they were biding their time.

"Wait and see I think is the overall attitude of most of them. They will just wait and see how quickly the DHB can get up and running again and I have even heard some compliments as to how resilient they feel the staff have been."

Cyber threats would be never-ending, and the government needed to provide more funding and support to DHBs to boost their IT systems, McKenzie said.

"I think it would be very useful if they took a large chunk of that responsibility off the different entities that are, after all, government-funded entities. I think the government could help. I have been dismayed by the lack of action. It's not enough to have an inquiry."

The attack had highlighted the need for DHBs to have a backup paper-based system in place in case it happened again, she said.

Get the RNZ app

for ad-free news and current affairs