The Bay of Plenty District Health Board has been forced to protect itself from cyber-attacks from Russia and the Ukraine
Newshub can reveal the small DHB is fielding up to 864,000 potential cyber attacks per day - that's as many as 10 a second.
Bay of Plenty DHB is specifically protecting itself from what it calls "sources of high-levels of cyber attacks", naming Russia and the Ukraine as examples.
The DHB's chief executive told staff in an internal email found by Newshub the attacks were "putting patients at risk".
In the UK last year, hospitals were crippled when computers were infected with ransomware, throwing the entire health system into crisis.
In New Zealand the Ministry of Health has been fighting off up to 1.7 million attacks a week - about three times fewer than the BOP DHB.
A cyber security expert, Tom Moore of Aura, says hackers tend to target smaller organisations because they're an easy target.
They target the weak links to find anything they can sell, he says.
"Either intellectual property or maybe health records or anything they can sell on the dark net."
The large number of attacks have prompted the DHB to implement phishing exercises to test staff on their cyber security awareness.
The DHB's IT team has been testing staff with fake emails to see if they click on dubious links that would let hackers in.
But staff are routinely failing. BOP DHB chief executive Helen Mason said in the staff newsletter that more than 100 staff failed - clicking on the link and inputting their personal details.
"Disappointingly I have to report that over 100 staff failed the last test, going into the link provided and inputting their details."
She said in a statement to Newshub they "take this threat very seriously and continuously look to ways of heightening cyber awareness and cyber safety amongst our 3300-plus staff".
Newshub asked David Clark, the Health Minister, for an interview, but his spokesperson initially refused to pass on the request.
Dr Cark later issued a short statement:
"Cyber-attacks are an unfortunate reality for any major institution, but are of particular concern for DHBs where patient safety and patient data security are paramount.
"My clear expectation is that DHBs have appropriate protection in place for their computer networks and patient data."
National's Shane Reti says the minister isn't taking it seriously enough.
"I think the minister's dropped the ball on this," he said. "It's disappointing that he's trivialising what is a really important issue."
Michael Dreyer, acting chief technology and digital services officer at the Ministry of Health, said: "Post WannaCry, the ministry has put additional resources into cybersecurity – including an extra three IT security specialists."
Newshub.
