Now been updated to include 'cyber security incident'

https://www.stuff.co.nz/national/125163367/cyber-security-incident-creates-full-it-outage-at-waikato-dhb-hospitals

Colonial pipelines forked over $5M USD, I doubt anyone will get much out of a DHB....

Hopefully things can be restored from backups....

Anyone got bets on the aftermath of this revealing that the hospital system is awash with old machines running unpatched or uncatchable OS versions....  ( Although its probably much more widespread than that)

wellygary:

 

Colonial pipelines forked over $5M USD, I doubt anyone will get much out of a DHB....

 

Hopefully things can be restored from backups....

 

Anyone got bets on the aftermath of this revealing that the hospital system is awash with old machines running unpatched or uncatchable OS versions....  ( Although its probably much more widespread than that)

 

In the ransomware attack that got the UK hospital, they still had things not fully back up and running 7 months later.  It may not be as easy as just restoring from backups...

wellygary:

 

Colonial pipelines forked over $5M USD, I doubt anyone will get much out of a DHB....

 

Hopefully things can be restored from backups....

 

Anyone got bets on the aftermath of this revealing that the hospital system is awash with old machines running unpatched or uncatchable OS versions....  ( Although its probably much more widespread than that)

 

Yea and the decryption tool they got didn't work or was too slow, so they ended up restoring from backups anyway!

Hmmm - you have to wonder what steps they took after the last major incident.

https://www.stuff.co.nz/technology/3171006/Computer-virus-cripples-Waikato-DHB 

They have a track record on their IT platform decisions.

Waikato DHB's $26m IT blunder highlighted in new report | RNZ News

""
A damning report by the Auditor-General has found Waikato District Health Board bosses flouted their own procurement rules in contracting a California-based IT company to create a virtual doctor tool.

""

Poor choices on CEO's and absent board oversight.

billgates: Does not sounds good. Ransomware most likely.

This ^^^^^^

It is definitely ransomware.

Waikato have an appallingly bad IT system from talking to people in the public health sector. 

Spoken with someone in the CDHB at least they're running the latest crowdstrike AV package. 

I found out DHB's do not have any form of coherent interoperability between the regions. Ironically might have saved this going nationwide.. But if you see a Dr in Auckland and you're from Christchurch the Auckland Dr can't just log into an app and see your details, they have to be manually faxed (!!) through apparently!?

Pricks, why target a hospital if you are going to do it target a bank or something.

wellygary:

 

Hopefully things can be restored from backups....

 

Anyone got bets on the aftermath of this revealing that the hospital system is awash with old machines running unpatched or uncatchable OS versions....  ( Although its probably much more widespread than that)

 

Don't know about Waikato (I don't expect it would be very different), but other DHBs I worked at were diligently working towards getting rid of their legacy PCs (there was one old WinXP machine that just couldn't be got rid of for some reason, the rest were all Win10), and generally were very up-to-date with OS patches and anti-virus. And they had firewalls and so on that were current and run effectively. So I'd take your bet wrt to "awash with old machines". :) I do wonder how they were penetrated... my bet would be a USB stick.

I guess the phones were all VoIP, and/or an exchange running on a PC, hence losing all the phones with the network outage. But I'd expect they would have had alternative systems in place in case of network loss.

My experience, not only at DHBs, is that organisations are generally very diligent about making backups, with multiple generations and off-site storage. What they *never* do is attempt a restore, or to run on their backup servers. And, too often, they find that when they desperately *need* a restore, all the backups have been written to write-only memory.

I wonder how much of the hospital's systems were in the Cloud, which is the flavour of the month panacea, and hence liable to loss when the firewall was (I assume) shutdown to limit the damage.

All the politicians come across as right plonkers, gushing fluff & BS to fill a couple of column-inches. "[Labour MP] Strange said they had heard in the past two weeks there had been a number of threats aimed at health institutions around the world in terms of cyber security". Really? So what? "[National MP] David Bennett said when National was in Government it tried to reform the system, as the current Government was doing, to create a stronger and better computer system." Which is absolute bollocks, and designed to try to take the credit for what Labour is actually doing. "Hamilton City councillor Dave Macpherson said he thought some electronic equipment in radiology would be affected as well as some patient monitoring systems. “It will be the higher tech stuff.” ".

An interesting article about an attack on a Norwegian company describes how these things should be managed:

https://itwire.com/security/norwegian-firm-shows-how-ransomware-attack-should-be-handled.html

JaseNZ:

 

Pricks, why target a hospital if you are going to do it target a bank or something.

 

I doubt there was much "targeting" it will simply be a package that had been widely distributed or emailed and someone has clicked a iink or run a infected programme via USB stick etc..