29 Jun 2021

Waikato DHB ransomware attack: Documents released online

7:28 pm on 29 June 2021

Documents from Waikato District Health Board have been released onto the dark web after the ransomware attack that crippled five hospitals' IT systems in May.

Waikato District Health Board notice of outage of systems from cyber attack.

A Waikato District Health Board notice in May. Photo: RNZ / Andrew McRae

RNZ has been shown screenshots of what appears to be a link to a directory of sensitive information.

The list of documents suggests it includes data of patients and staff.

It has been six weeks since a ransomware attack crippled its systems and forced a massive overhaul of its operations.

The ransomware attack brought the DHB's hospitals and services to a grinding halt and staff have had to resort to manual workarounds to continue caring for patients.

Some people needing specialist treatment have had to travel to other DHBs.

IT security expert Daniel Ayers told Midday Report he had a look at the file structure - without viewing personal information - and confirmed it is from the DHB.

He said the documents included correspondence, medical records, and financial data.

"I do note that some of the material in this leak does match some of the information that was previously released to media."

He said this could be an act of retaliation for the ransom not being paid.

"There's a substantial amount of information here and the fact that it is being made public is obviously concerning."

Confirming some stolen information had made its way to the dark web, Waikato DHB released a statement this evening saying it had been aware of the risk and had been working closely with cyber security experts to identify and manage any potential disclosures.

"Early on in this incident, the DHB was made aware of an information file that had been accessed," it said.

"At that point in time the DHB took the necessary steps to notify affected staff and patients. The DHB has been working closely with the Privacy Commissioner to ensure that we meet our obligations and appropriate action has been taken.

"As the investigation continues and further information is provided we will continue to notify staff and patients as appropriate.

"Additional material has now been identified, as reported in the media today. The DHB has obtained this material and is now working through it to understand the content and will thereafter notify affected patients and staff."

The DHB said notifications to individuals would include advice on how to protect themselves and their data moving forward.

"We will also continue to assess the situation so that we can quickly provide updated advice in the event we identify any additional risk to individuals."

It requested that media organisations deal with the material sensitively to avoid undue stress to individuals and said a government-announced independent review into its systems would allow it to learn from the experience.

"We are aware that some media have obtained screenshots and/or data and ask that care is taken in any public disclosure. There is potential to cause undue distress to patients and staff through the publication of information which allows the identification of individuals.

Get the RNZ app

for ad-free news and current affairs