The information services system at Waikato District Health Board, one of New Zealand's North Island DHBs, went dark last week after getting hit by a cyberattack. 

WHY IT MATTERS

On 18 May, Waikato DHB reported a "full outage" of its information services, affecting all clinical services across its five hospitals – Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui. Its main landline number also went down that day.

The following day, it disclosed that the government agencies investigating the matter were working on a theory that the attack might have come initially through "an email attachment", or a phishing scheme.

Some elective surgeries were deferred, while a number of outpatient clinics were reduced, including cardiology, maxillofacial, dental clinic and dermatology. 

In a weekend update, the hospital network said it has "functioned well and [is] coping with demand." In a statement today, Dr Kevin Snee, Chief Executive of Waikato DHB, also noted "good" progress in bringing its systems back online with staff being able to manage their workloads. About 75% of the normal activities at its emergency department have been resumed.

Over the coming weeks, Waikato DHB expects work to continue, while it restores services using a "carefully phased" approach. During the recovery phase, it will re-book patients whose appointments were postponed, as well as manually log patient information into its systems.

"Our focus is on ensuring our patients receive the care they need as soon as possible. This could include additional weekend clinics or surgery, as well as support from other DHBs or from private providers," it said.

The hospital network said it will take "some time" to remediate and investigate the "significant" cybersecurity incident. "We have a substantial team of specialists working around the clock to bring the DHB’s services back," the organisation added.  

In another update today, Dr Snee said that the group was not able to process wages for staff as its IT system remained offline. A "large number" of staff were underpaid or not paid, he said, but a contingency plan was put in place.

"We were in touch with the banks immediately and requested that they honour all staff automatic payments. Any fees associated with such automatic payments will be paid by the DHB," Dr Snee said.

THE LARGER TREND

Two separate cyberattack incidents were reported in the US and Ireland this month. Scripps Health in California suffered a network-wide outage on the first day of the month due to a malware attack on its information system. Ireland, on the other hand, has temporarily shut down its health service IT system after a ransomware attack on 14 May.

Before the Waikato DHB IT system shutdown, ransomware hit the internal tech system of UnitingCare Queensland in Australia, leading its hospitals and nursing facilities to work from paper-based operations.

ON THE RECORD

“While we continue to resolve this situation, our staff have shown their ability to adapt to an unprecedented situation and keeping patient care at the front of mind,” Dr Snee said in a statement on 23 May.

"Investigations into this type of cybersecurity event are challenging and complex. Waikato DHB continues to engage with experts across both the government and private sector including world-leading specialists," Waikato DHB said in the same statement.