Waikato cyberattack: Servers in question not culprit, DHB says – RNZ

A set of Waikato District Health Board servers were at end-of-life and unpatched when hackers struck in the early hours of 18 May, a source claims.

A sign at Waikato Hospital in May.
Photo: RNZ / Andrew McRae

And decisions that led to the poor security and ailing system were financially motivated, claimed the source close to Waikato DHB.

However, the DHB said the particular servers were not a contributing factor in the cyber attack.

The information comes as those responsible for the ransomware attack dumped large tranches of the DHB’s private patient and employee details on the dark web on Tuesday, six weeks after the hack crippled services across five hospitals including Waikato.

The massive privacy breach shows swathes of files that contain personal and highly sensitive information about patients and employees.

The source claimed servers containing Human Resources Information System (HRIS) data based in Caro St, Hamilton, had not been patched for years.

Server patching refers to installing critical software and security updates on a server when they are released.

“The Waikato DHB was relatively up-to-date with patching with the exception of Caro St,” the insider said.

Compounding the problem was that the Caro St servers were at end-of-life, which meant they were unsupported, the source claimed.

“The underlying infrastructure hosting these servers became ‘end-of-life’, out of support, and subsequently no security or patches were applied to this equipment.”

It’s understood the DHB had been migrating its information systems to a cloud host based in Auckland.

Migrating the HRIS servers from Caro St to the cloud was initiated in January this year; however, due to risk, the DHB brought on consultants to manage the project, the source said.

It’s understood different departments within the DHB have separate IT budgets, and the source claimed the estimated cost of this project blew out to more than $1 million for the Human Resources department.

The migration did not continue due to budget and the servers remained unpatched, the source said.

“The hackers would have obviously exposed a vulnerability within the system and exploited that. I suspect Caro St was that point of vulnerability.”

In 2018 the DHB initiated a tender process for renewal of HRIS, which at that stage was 17 years old, documents show.

The tender asked for a solution that would make the HRIS fully compliant with the New Zealand Information Security Manual and specifically in relation to the management of role-based security, including providing improved adherence to security.

Almost $460,000 was spent for the renewal preparations across the 2018/2019 financial year, an OIA response from last year shows.

National’s health spokesperson Dr Shane Reti said by June last year the renewal project had been listed as “red status due to technical and resourcing issues”, impacting the time, cost and scope.

He said the DHB’s risk and impact register from the past 12 months showed HRIS software as a “highly probable risk with severe impact”.

A DHB spokesperson said it had been confirmed HRIS servers were not a contributing factor to the breach of security.

He said the migration of the applications at the Caro St site was largely completed prior to 18 May and they had now all been moved.

Exactly where the vulnerable point was and how the hackers found it is still unclear.

Hackers use a number of techniques, including macros (bits of code) in emails, Word documents and PDFs, to get into a system, as well as port scanners to detect possible access points for infiltration and to identify what kinds of devices are running on the network, such as firewalls, proxy servers or VPN servers.

In a statement on Tuesday night the DHB confirmed stolen information had made its way onto the dark web.

“While we had hoped this would not occur, the DHB was aware of the risk and had been preparing and working closely with cyber security experts to identify and manage any potential disclosures.

“Unfortunately, predicting the actions of cyber criminals can be challenging, however, we are monitoring the situation as closely as possible to protect our community.”

Minister of Health Andrew Little told Local Democracy Reporting the Ministry of Health had information standards that DHBs were expected to comply with.

“This includes keeping up with basic maintenance. There will be an independent inquiry into the Waikato DHB cyberattack which I expect will commence once services are fully restored.”

Many services including critical patient treatments such as radiation therapy have been restored but Local Democracy Reporting understands some Waikato Hospital departments face a backlog in patient care because of the delays caused by the attack.

IT security expert Daniel Ayers said if the DHB had servers that were no longer supported it meant the software would have been very old.

The forensic IT investigator said he couldn’t understand why an investigation into the cause of the hack had not already begun.

He said the threat of cyber security incidents within health was widely publicised from 2019 and that the attack at Waikato DHB was preventable.

Under Rule 5 of the Health Information Privacy Code, an agency must ensure health information it holds is protected by reasonable security safeguards against loss, access, use, modification, disclosure or other misuse.

Privacy Commissioner John Edwards said Waikato DHB must notify all individuals whose details were included in the data published on the dark web, and take steps to prevent further distribution of the information.

“If somebody has suffered loss or considerable distress as a result of having their information included in the hack, and it can be shown that the DHB failed in its duty to take reasonable care, then the Waikato DHB could be liable.”

Edwards said there was a risk the data dump could result in serious harm through identity theft and people fraudulently obtaining credit.

He encouraged anybody concerned about their personal information to get a credit freeze or suppression of their information, which would stop their credentials being used to open credit contracts.

Local Democracy Reporting is a public interest news service supported by RNZ, the News Publishers’ Association and NZ On Air.

Source of this news: https://www.rnz.co.nz/news/ldr/445928/waikato-cyberattack-servers-in-question-not-culprit-dhb-says