Waikato DHB cyber attack a matter of when, not if - experts

Experts say it's not surprising cyber attackers have targeted New Zealand's health system, citing a lack of investment in security over the past few decades.

And a recent payout to hackers in the US who crippled an oil pipeline company might have emboldened them. 

On Tuesday morning, Waikato District Health Board (DHB) reported a "full outage" of its phone and computer systems, affecting services across the entire region "to varying degrees". Later that day the National Cyber Security Centre - a division of the Government Communications Security Bureau - got involved.

The DHB hasn't said what kind of attack it was, but chief executive Kevin Snee has alluded to it being a ransomware attack. 

"In this sort of attack, the attacker manages to get some of their software onto the victim's network and this encrypts files, making them unreadable," said  Dave Parry of the AUT Department of Computer Science.

"The attacker then offers to give the victim the key to unlock the encryption in return for money - usually in the form of bitcoin or other cryptocurrency. If the victim doesn’t pay, then they will normally shut down access to systems, check for the attacker’s software and delete it."

Brett Callow, a threat analyst with New Zealand-based cybersecurity company Emsisoft, told Newshub there has been an increasing number of ransomware attacks lately. 

Cyber-criminals recently caused fuel shortages across the US east coast after taking down IT systems for Colonial Pipeline, which supplies nearly half of the region's petrol and diesel. And Ireland's health system has been targeted twice in the past week, causing "substantial cancellations across outpatient services".

"Health systems cannot afford downtime - it's essential they're available in order to treat people," said Callow. "The hackers know that, and believe it maximises their chances of a payout."

It's not clear how much the criminals might be demanding from Waikato DHB, if it is indeed a ransomware attack, but Callow said hackers who recently hit the US public school system demanded US$40 million.

Colonial Pipeline paid US$5 million to get its systems back online. 

"This will probably have encouraged attacks by the same gang or similar ones," said Dr Parry. "Government agencies very rarely pay ransoms, but health systems are always tempting targets because they are so high-profile."

Snee told Stuff no ransom would be paid.

"Even if the money was paid, it would still take time for the hospital to recover its systems," said Callow. "Attacks are extremely difficult to recover from. Organisations can usually restore their base functionalities really quickly, but fully recovering all their systems can take a long time." 

But it can be done, using backups.

"Normally very little data if any is lost," said Dr Parry. "Generally, once the attack software is identified, the DHB can set up its firewall and other security software to identify it and not allow it to run on the network. 

"The complexity of DHB systems and the relatively small IT teams can make the shutdown/clean/startup process very demanding - they will be getting help from the rest of the health system and Government. It would be reasonable to expect critical systems to be up and running again in a day or so at most."

Vimal Kumar, senior lecturer and head of the Cyber Security Lab at the University of Waikato, told Newshub an attack like this was a "matter of when, not a matter of if". 

"We lack investment in this area... It seems like a lot of the time people think with New Zealand being so far from the rest of the world we're somewhat safer. It gives us a sense of security... that has contributed to the sense of 'she'll be right'."