Northland health officials not talking about cyber security after attack on Waikato District Health Board

Northland District Health Board will not talk publicly about cyber security at its public hospitals and other services.

Northland District Health Board won't discuss its cyber security arrangements publicly - or even if it has been subject to a cyber attack - after a debilitating attack on the Waikato DHB's computer system.

A group claiming to be responsible for the Waikato DHB cyber attack last week claims it has accessed confidential patient notes, staff details and financial information.

The WDHB's entire system crashed last Tuesday during a cyber attack that has been described as "the biggest in New Zealand's history".

Some surgeries and clinics at the DHB's five hospitals have been postponed and people are being asked to stay away from emergency departments unless it is an emergency while experts try to get the system up and running again, something that is unlikely to happen this week.

The group claiming responsibility for the hack say the hijacked information includes personal information - including financial information - of staff and patients.

The attack has patients on edge, worrying if their private information will be released publicly.

WDHB chief executive Kevin Snee said he would not comment on the email made by the group claiming responsibility for the cyber attack because it was a matter for police.

There was a plan in place if information were made public.

After the attack the Northern Advocate approached NDHB asking questions in relation to its cyber security, in an effort to reassure the Northland public that their personal information is secure.

But the DHB declined to answer, saying only: ''We are aware of the situation at Waikato DHB and are monitoring it closely. Our policy is that we don't comment publicly on matters relating to information security. However, we take the protection of data and systems very seriously and we have measures in place to safeguard information.''

The Advocate was not happy with that response, and then asked a series of questions under the Official Information Act. The DHB had passed the questions on to its OIA team to look at.

Here is the Advocate's OIA request to NDHB

I believe the issue of cyber security is important for the DHB, given the attack on WDHB, and the sensitivity of information held by NDHB.

I believe Northlanders, all NDHB clients, have a right to know that their DHB has adequate cyber security in place.

What processes does NDHB have in place to protect itself from such cyber attacks?

The WDHB attack may have been started by a staff member opening a link on an email. What advice does NDHB give to its staff about email and attachments/links etc?

Has NDHB been targeted in a cyber attack in the past two years?

If so can you say how many times and what the attacks were (malware, ransomware etc)?

What was the cost to NDHB of fighting any such attacks.

Have any of the attacks successfully infiltrated NDHB's system?

If so what were the nature of the attacks and what disruption or issues did they cause?

Was patient information compromised or accessed?

Given that health information is very sensitive how important is it that a DHB has a computer system that cannot be hacked?

Any other comment would be greatly appreciated?