Waikato DHB cyber attack began with email attachment - chief executive

Services at hospitals across the Waikato continue to be disrupted after Tuesday's cyber attack.

On Tuesday morning, Waikato District Health Board (DHB) reported a "full outage" of its phone and computer systems, affecting services across the entire region "to varying degrees". 

The National Cyber Security Centre -  a division of the Government Communications Security Bureau - is now involved, trying to work out how it happened and how to stop it from happening again. 

Late on Wednesday morning, the DHB said all outpatient activity at its rural hospitals had been postponed, and some elective surgeries planned for Waikato Hospital in Hamilton had been deferred.

Nearly three-quarters of elective surgeries at Waikato Hospital are going ahead as normal on Thursday.

"This is a complex process which will take more time to resolve," the DHB said in a statement. "We currently have business continuity plans in place to keep our services running into the weekend."

Email attachment blamed

Waikato DHB chief executive Kevin Snee said on Wednesday morning it appears to have been triggered when someone opened an email attachment they shouldn't have. 

"That's our working hypothesis," he told RNZ.

The hackers haven't threatened to make patient records public - they just want money, he said, which wouldn't be paid. 

Patients at Waikato Hospital were wearing handwritten name tags and surgeons are exchanging physical copies of X-rays on Wednesday morning, according to Dave Macpherson, a member of the Waikato DHB board until the entire team was sacked by then-Health Minister David Clark in 2019.

He said their IT team was constantly upgrading things back then.

"The problem is the situation electronically is evolving all the time, and I guess they haven't kept up with what's needed to protect themselves against this sort of attack," he told The AM Show.

"The end result is they're scrambling to find pieces of paper and black pens. We actually saw someone walking past with a [handwritten] nametag, and that's how they're having to deal with it.

"We were warned about this risk probably about four years ago, three years, two years. Almost every few months we would get a new warning, a request for extra budget for more security procedures to be able to be put in place. That was always supported, but clearly, it wasn't enough. Because there's different computer systems even within the hospital and the DHB here as well as between DHBs, they haven't got a systematic protection in place nationwide I suspect."

He said Waikato Hospital isn't set up to work "old-style", and suspects others aren't either. 

"We had a bloke talk to us this morning whose wife was in for an elective caesarean - they're still going ahead with that procedure, it's just all in paperwork, handwritten nametags, things like that. They're still able to do things, but they're not able to do anywhere near as much as before."

Dave Macpherson.
Dave Macpherson. Photo credit: The AM Show

Impact on neighbours

The Bay of Plenty DHB has asked people not to show up to hospital if it's not an emergency.

"There is a need for us to take some patients to be cared for at Tauranga and Whakatāne hospitals that would otherwise be cared for at Waikato Hospital," said acting chief operating officer Bronwyn Anstis.

"Patient care is our top priority and we are doing all we can to assist our colleagues at Waikato DHB at this time. To help us with this we would like to ask people to please only present at our emergency departments if it is an emergency... Examples of non-urgent conditions include minor injuries without a significant wound, throat infections, abdominal pain, headaches, vomiting or diarrhoea."

Not a surprise

Prof Robin Gauld, director of the Centre for Health Systems and Technology at the University of Otago, said the ease with which hackers took over wasn't a surprise.

"Having disparate IT systems across the country's 20 DHBs is not helpful, which has been highlighted in many reports and stocktakes over the years, and more recently brought into stark relief by the COVID-19 pandemic. We need to have national IT systems and national security systems to deal with this kind of cyber threat."

The Government is scrapping the DHB system over the next few years. 

Snee told RNZ a lot has been done in the past year to upgrade the Waikato DHB's computer security, and he expects everything to be working again by the weekend.

"We're always trying to stay one step ahead and sometimes the hackers get ahead of us."

Vimal Kumar, senior lecturer and head of the Cyber Security Lab at the University of Waikato, told Newshub an attack like this was a "matter of when, not a matter of if". 

"Not just the DHBs - a lot of our organisations in local government, they're all vulnerable because there is a lack of investment in this area, a lack of knowledge of how to protect against some of these threats."