Waikato DHB patient and staff data released on the dark web
Photo by: Nico El Nino/Shutterstock
Patient and staff data from the Waikato District Health Board appears to be out on the dark web, six weeks after its systems got hit by ransomware.
Today, New Zealand-based news platform RNZ said it was shown screenshots of alleged links to a directory of sensitive information, such as correspondence, medical records and financial data. It confirmed through an IT security expert that the file structure was indeed from the hospital group.
Waikato DHB has yet to issue a statement.
WHY IT MATTERS
According to the news report, this latest incident might be a retaliation to the hospital group's refusal to pay a ransom, which amount remains undisclosed. In early June, Chief Executive Kevin Snee said Waikato DHB will not make a ransom payment as it stands against extortion. Making the payment would not also resolve their problem.
This is the second time that sensitive information from Waikato DHB has been released following the cyberattack. On 26 May, several media outlets reported having received personal and patient information from the hospital group, although they refused to divulge them.
Privacy Commissioner John Edwards previously told the DHB to immediately notify and offer support to individuals identified in the leak. It was also tasked to actively monitor potential host sites of those data.
THE LARGER CONTEXT
Two weeks ago, Waikato DHB Kevin Snee said in an update that they still have a "great deal of work" to do to fully restore their services following the cyber incident on 18 May which had forced them to shift to manual processes.
Some of the restored services include diagnostics from laboratory and radiology services, recording and tracking patients as they move through the DHB's hospitals, and clinician access to patients' full medical information. Radiation therapy, meanwhile, is expected to run at "near-normal" capacity by now.