ITP Techblog

Brought to you by IT Professionals NZ
Menu
« Back to Security & Privacy

No charges for Waikato DHB at this point

Paul Brislen, Editor. 30 June 2021, 3:44 pm

Patient data stolen from Waikato District Health Board in the recent ransomware attack has begun showing up online, but the organisation won't face prosecution by the Privacy Commissioner at this stage.

Privacy Commissioner John Edwards told Radio New Zealand's Morning Report that the data he'd seen was relatively hard to find but was clearly from the DHB's systems.

The DHB first reported it had come under ransomware attack last month and despite the CEO claiming it would be resolved "by the weekend" it took several weeks before Waikato's numerous hospitals and clinics were back online, during which thousands of patients had to wait to find out if their personal information had been leaked online.

And indeed that appears to have happened. Screenshots released to the media show directories that match Waikato DHB file formats and which indicate private patient and staff information is available within the folders contained.

Ransomware attacks are on the rise around the world with record numbers last year. Attackers seem more willing to target public institutions like hospitals in the hopes they will pay to keep personal information private and ransomware is now a bigger problem than online espionage.

However, advice is that ransoms not be paid for several reasons. Data that is returned may have been copied and shared publicly or on-sold anyway, there's no guarantee access will be returned to the owners of the attacked sites even if they do pay and there's no guarantee the attackers haven't left behind some kind of package that will create trouble further down the line, such as a keystroke logger recording credit card or financial information or even a way of locking up the victim's servers again at a predetermined time and date.


Comments

You must be logged in in order to post comments. Log In


Web Development by The Logic Studio