Post cyber-attacks: NZ hospitals inch towards normality while JBS gets there

The DHB was victim of a ransomware attack on 18 May; JBS of what it describes as a criminal cyber-attack on 30 May. 

In a 3 June update, Dr Snee said: “With the appropriate safeguards now in place, we’re now focused on reinstating our key systems so we can move towards having improved digital capability by the end of next week.”

Outlining the scale of the task faced by IT staff, Waikato’s DHB said it has several hundred servers, many major network sites and many thousands of workstations and numerous mobile devices and specialist medical equipment. The board is working with international specialist services to systematically test and secure all devices and systems before each one is reinstated.

“It’s important to remember that while we’ve made significant progress this week and are continuing to work at pace, it will be some time before we are operating at full capacity,” Dr Snee added.

For example, management hopes to have computer-based diagnostic service available next week.

In the meantime, health staff are providing as full a service as possible, but some procedures and appointments are being postponed.

The DHB serves a population of 425,000 in the northern portion of North Island with five hospitals (one of which is a teaching hospital), two continuing care facilities, a mental health in-patient facility, community-based services, public health services and clinical services.

In the aftermath of the cyber-attack, New Zealand’s privacy commissioner John Edwards warned that the hackers are likely to further publish and circulate the information after sending samples to media organisations in the country, and advised people to do the right thing if they receive any data from the DHB breach.

“The information that has been taken is likely to be sensitive personal information. This is likely to be causing a great deal of anxiety to the people affected.

“It is vital that people respect the personal information of others. Treat the information as you would expect others to treat yours … If you receive personal information which is about other people, you should inform the ministry of health and NZ police,” he said.

Elsewhere, JBS said all of its global plants – and those of affiliate, poultry producer Pilgrim’s – are fully operational after resolution of the cyber-attack.

“The company’s swift response, robust IT systems and encrypted backup servers allowed for a rapid recovery. As a result, JBS USA and Pilgrim’s were able to limit the loss of food produced during the attack to less than one days’ worth of production,” the Colorado-based company said.

Any lost production will be fully recovered by the end of next week, it added.

In response to the attack, the company shut down computer systems and temporarily laid off thousands of employees. Operations in Australia and North America were worst affected.

“The criminals were never able to access our core systems, which greatly reduced potential impact,” said Andre Nogueira, CEO of JBS USA.

The company added it is unaware of any evidence that any customer, supplier or employee data has been compromised or misused as a result of the incident.

The FBI has attributed the attack to REvil, a Russian-speaking gang that has made some of the largest ransomware demands on record in recent months, AP news service reported.

White House spokeswoman Jen Psaki said the US is considering all options in dealing with the attack. “We are raising this through the highest levels … The President certainly believes that President Putin has a role to play in stopping and preventing these attacks.”