Waikato DHB's five hospitals including Waikato Hospital in Hamilton were severely impacted by the cyberattack in May. Photo / Alan Gibson
Waikato DHB's five hospitals including Waikato Hospital in Hamilton were severely impacted by the cyberattack in May. Photo / Alan Gibson
Waikato DHB took almost nine hours to tell the public its servers had crashed and all its applications had disappeared after a serious cyberattack brought its five hospitals to their knees in May.
The Waikato DHB first became aware its IT servers for Waikato, Thames, Tokoroa, Te Kuiti and Taumarunui hospitals had gone down at 2.40am on May 18 when monitoring systems sounded the alarm to the on-call engineer.
A review of the outage - later described as the biggest security attack in New Zealand's history - was quickly undertaken and the full scale of the problem determined before Waikato DHB chief executive Kevin Snee was told at 5am, according to information provided under the Official Information Act.
Meanwhile, Waikato staff were turning up to work several hours later unable to log into their computers and they were still in the dark about the chaos that was unfolding around them, doctors and nurses told the Herald at the time.
Clinicians were left attempting to treat patients without access to the majority of their devices while IT experts and managers tried to figure out what had happened.
Clinical services at the region's hospitals were sent into disarray as they were unable to do even the most basic things such as send emails, phone different departments, access patient notes or check appointments.
Another three hours after Snee was told, Waikato DHB commissioner Dr Karen Poutasi had the news broken to her that the DHB had gone offline, according to DHB's executive director of digital enablement Mike Foley.
Waikato DHB chief executive Kevin Snee and executive director of hospital and community services Chris Lowry update media in May about the cyberattack. Photo / Nikki Preston
And one hour after that, at 9am, staff were sent a text telling them the DHB's information services were down with a full outage due to a "virus", the OIA response shows.
The text warned staff IT systems could be out of action for 24 hours-plus. The emergency department was only open for urgent services and outpatient services were also limited.
The hospitals' landlines were also dead.
At this point, patients were arriving at the hospitals for various morning appointments or to visit patients, also unaware that the DHB's entire IT system had effectively been unplugged.
Just before 11am the DHB posted a note on social media about the "IT outage" and an hour after that a press release went out.
The Co-ordinated Incident Management System had been established to resolve the situation as soon as possible and it was investigating the cause of the outage, the release said.
In the weeks following, the hackers held the DHB to ransom and later put up confidential staff and patient documents relating to 4200 people on the dark web.
Documents were also leaked to the media as a way of trying to tease a ransom out of the government.
The OIA response was provided to the Herald four months after it was requested on June 1 and a number of questions remain unanswered.
Snee previously told media it was counting the costs of the attack, but the DHB is now refusing to reveal exactly how much it is because it wants to "avoid prejudice to measures protecting the health or safety of members of the public and measures that prevent or mitigate material loss to members of the public".
It also won't provide details on the number of, or nature of communications received from the hackers or the sum of money they demanded.
The DHB also does not have a record of the number of staff who resigned as a result of the attack which brought many staff, including ED nurses, to tears, according to the response.
A number of external investigations into the attack remain ongoing.
