Waikato DHB Cyber-Attack

Business owners must stay vigilant

On 19 May, a cyber-attack on the Waikato District Health Board brought down all hospital computer systems and phone lines. On 25 May, an unidentified group claimed responsibility for the attack and demanded payment from the DHB, threatening to release sensitive data about patients, staff and finances. The DHB and the government both refused to pay the ransom. Subsequently, a substantial amount of private information was posted on the dark web including staff data, payroll information, patient records and photographs.

This cyber-attack serves as another reminder for business owners to have effective cyber security protocols in place. Cyber-attacks are becoming more frequent and their disruption can cause significant cost to businesses.

It took the Waikato DHB over a month to restore its IT services, and it had to employ hundreds of additional IT experts to rebuild its systems. Health authorities had to inform more than 4,000 people that their personal information was breached and shared on the dark web after this damaging cyber-attack.

Following the Waikato DHB cyber-attack, the Chief Operating Officer at cyber security company, Safestack, Erica Anderson, was interviewed on RNZ. She explained that ransomware is "basically bad software [and] once it lands onto your computer it tries to do three things:

1. Lock down access to that computer

2. Spread to as many other computers as it can reach, and

3. Give you a popup telling you that you need to pay money to unlock your access."

She recommended that businesses invest time now to protect themselves rather than being in a situation where there is no access to systems combined with pressure to pay a ransom. She also highlighted the importance of regular backups.

"If you get infected [by ransomware], backups are a way for your business to fall back to a point in time where you weren't infected so that you can restore and get back to normal a lot faster."

With the increasing number of cyber-attacks worldwide, all boards and senior management need to take more responsibility to stay vigilant. Your business needs to be prepared.

For a DIY-level understanding of cyber-security, the Autumn 2021 edition of Fineprint has an article, 'Cyber security 101 for business' with a list of basic prevention measures.

If you have not done so already, we recommend hiring an IT advisor so that your business can have effective cyber security protocols in place.

DISCLAIMER: All the information published in Fineprint is true and accurate to the best of the authors' knowledge. It should not be a substitute for legal advice. No liability is assumed by the authors or publisher for losses suffered by any person or organisation relying directly or indirectly on this article. Views expressed are those of individual authors, and do not necessarily reflect the view of this firm. Articles appearing in Fineprint may be reproduced with prior approval from the editor and credit given to the source. Copyright, NZ LAW Limited, 2019. Editor: Adrienne Olsen. E-mail: adrienne@adroite.co.nz. Ph: 029 286 3650 or 04 496 5513.