New Zealand’s Ministry of Health is investing $75.6 million to secure the health-care system against cyberattacks.
According to New Zealand’s Ministry of Health, cyberattacks are becoming more common around the world, with health-care being one of the most targeted sectors.
The budget funding will help hospitals, primary and community health organizations enhance their cybersecurity by protecting sensitive information and reducing the risk of interruption from cyberattacks during the next three years.
Following a ransomware attack in May, the Waikato DHB’s computer systems was shut down. Information about patients and employees was stolen, surgeries had to be rescheduled, and certain procedures were moved to other locations.
The DHB’s clinical services have finally been restored, but some computer systems are still unavailable, according to the ministry.
“Work is underway to review any cases where a patient’s treatment had to be deferred.”
Shayne Hunter, the Digital and Data Deputy Director-General , said that planned enhancements at the national and regional levels were critical.
Hunter said “Our health and disability system is critical national infrastructure that will only become more dependent over time on digital technology and information sharing across health networks,”
“While it’s not possible to fully eliminate cyber risks altogether, it’s essential we improve the resilience of our health and disability system so we can minimise the risk of disruptions to healthcare services in the event of a cyberattack and better protect sensitive health information.”
Hunter stated that while all 20 District Health Boards (DHBs) were making progress on cybersecurity, there was still much more to be done.
The ministry and DHBs have created a ‘cybersecurity roadmap’ that identifies areas of risk and priorities for improvement.
It outlines the critical cybersecurity capabilities that hospitals, primary care providers, and community services should have, and it will result in national security standards and guidelines.
Hunter said “The most serious cyber risks will be addressed first before further system wide cybersecurity improvements are implemented,”
Improving identification and access systems, increasing security employees across regions, modernising systems and software, strengthening assurance and testing, and expanding cloud security are all part of the roadmap plan.