20 Dec 2021

Health Ministry announces $75m to plug cybersecurity gaps

7:38 pm on 20 December 2021

The Ministry of Health is spending $75.6 million to protect the health system from computer hackers.

no caption.

Photo: vetdoctor/123RF

It said cyberattacks were increasing around the world and health was one of the most targeted sectors.

Over the next three years, the budget funding will help hospitals and primary and community health organisations improve their cybersecurity by protecting sensitive information and minimising the risk of disruption from cyberattacks.

Waikato DHBs computer systems were shut down in May following a ransomeware attack. Patient and staff information was stolen, surgeries had to be postponed, and some procedures were transferred to other regions.

All clinical services have now been restored at the DHB, but some computer systems were still not able to be used, the ministry said.

"Work is underway to review any cases where a patient's treatment had to be deferred."

Digital and data deputy director-general Shayne Hunter said planned improvements at national and regional level were crucial.

"Our health and disability system is critical national infrastructure that will only become more dependent over time on digital technology and information sharing across health networks," Hunter said.

"While it's not possible to fully eliminate cyber risks altogether, it's essential we improve the resilience of our health and disability system so we can minimise the risk of disruptions to healthcare services in the event of a cyberattack and better protect sensitive health information."

All 20 district health boards (DHBs) were already making progress on cybersecurity, Hunter said, but it was clear more needed to be done.

A 'cybersecurity roadmap' has been drawn up by the ministry and DHBs identifying areas of risk, and priorities for improvement.

It details essential cybersecurity capability expected for hospitals, primary care providers and community services, and will lead to national security standards and guidelines.

"The most serious cyber risks will be addressed first before further system wide cybersecurity improvements are implemented," Hunter said.

The roadmap plan includes improving identification and access systems, increasing security staff across the regions, upgrading systems and software, strengthening assurance and testing, and more use of cloud security.

"This will reduce the likelihood of another successful cyberattack, while laying solid foundations for further cybersecurity improvements and the secure implementation of new digital health technologies," Hunter said.

Get the RNZ app

for ad-free news and current affairs