Restricted health care remains the norm in part of New Zealand more than a week after a ransomware attack knocked out a hospital provider’s online systems in what has been described as the country’s largest ever cyber-attack.

Some surgeries and clinics at the five hospitals run by Waikato District Health Board (DHB) have been postponed and people are being asked to stay away from emergency departments unless it is an absolute emergency. Cancer patients requiring radiation treatment were being sent to private hospitals elsewhere.

Staff at the Waikato DHB in the northern portion of New Zealand’s North Island have resorted to using manual systems.

Hospital and community services director Chris Lowry said there is concern from clinical staff about how they would handle new referrals. Patients may be sent to Australia, Lowry said.

IT experts are trying to restore the board’s systems following the 18 May attack. “Staff are working around the clock to return us to business as usual. Due to the complexity of the incident, we are unable to say when this will be,” the board says on its website.

The message states: “Patient care and safety remains our priority.”

A group claiming to be responsible for the incident has sent what it says is confidential patient notes, staff details and financial information to journalists.

“We have a lot of personal info,” a self-proclaimed hacker emailed media organisations in New Zealand early this week. “We give them 1 more chance to contact us. 1 more day.”

Radio New Zealand reporter Phil Pennington has reviewed the documents and says they appear to include recent data on staff numbers and names, financial records, contracts and complaints, as well as sensitive patient information. Among the files are screenshots identifying hundreds of patients and staff and some documents contain diagnoses and medical information.

“It would be a very big exercise indeed to fake something like this. It does appear that they do have sensitive patient information … there is a lot of it,” he said.

The alleged hackers say they have deleted most of the backups but could help restore the systems if the DHB responds.

They also said they have not yet heard back from the health board. “They decided to ignore us and torture their employees and patients. It is only their fault that DHB is still offline,” the New Zealand Herald quoted the group as saying.

The newspaper passed the email to the police who are assessing it.

Health minister Andrew Little said: “Ransomware attacks are a crime. The New Zealand government will not pay ransoms to criminals because this will encourage further offending.”

Waikato DHB’s chief executive Kevin Snee declined to say whether there had been any communication between the health care provider and hackers, or on whether patient information had been accessed.

As a precaution, the board is advising current and former patients to be very wary of unsolicited communications claiming to be from it.

The DHB is working with cybersecurity experts, the Privacy Commissioner, police and National Cyber Security Centre on the incident.

Snee said he expects there will eventually be an independent review to establish why the whole system crashed.


To hear how this breach could have been prevented, make sure to register to PrivSec Global to hear industry leaders share their insights and best practices on cyber security and more.