Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search


Is New Zealanders’ health information safe from attackers?

Is New Zealanders’ health information safe from attackers?

July 13, 2017

Recent cyber-attacks have shown that Kiwis’ health information is vulnerable and at risk and a global expert says that it's a matter of when not if the next attack will occur.

Microsoft’s worldwide health chief information security officer Hector Rodriguez, says healthcare organisations are extremely vulnerable as cybersecurity is not their main specialty.

Rodriguez, from Washington state, will be a key speaker at the New Zealand cyber security health symposium in Auckland on August 1. The event is being organised by NZ Health IT and Health Informatics New Zealand. The safety of Kiwis’ health records will be pivotal to discussions at the event.

He says Kiwis cannot pass the buck onto their IT department, management or board as it’s up to every individual involved in the health system to take responsibility for the safety and security of the health information that they are entrusted with.

This starts in the health worker’s home and goes right through to their workplace. Finger pointing after an attack is too late and unacceptable as there is now plenty of information and support in place to make sure that Kiwis’ and all health organisations are operating up to date cybersecurity programmes, he says.

New Zealand health organisations should not be complacent in preparing response plans for cyber-attacks, Rodriguez says. People need to be far more aware of the risks of attack and what they have to be doing to prevent them.

“Hackers are smart but also lazy and they go after easy targets. Health groups should not make themselves easy targets. They should begin to adopt a more comprehensive cybersecurity posture that starts from within, leverage the work by their trusted IT vendors and employ layered security to make it more difficult to be attacked,” he says.

Rodriguez says when a care organisation is cyber-attacked the reality is that the provider and patient experience declines, care outcomes are compromised, additional costs are incurred, and unfortunately patient’s lives are put at risk.

“Healthcare organisations should have an up-to-date incident response plan that they practice during the year as part of their business recovery or disaster recovery training. Everyone should be involved in the plan.

“They should also adopt and implement a timely risk assessment approach and not rely on an audit to tell them they’ve been breached. Good risk management and cybersecurity hygiene enables an organisation to constantly understand threats, reduce their attack surface, and when attacked avoid paying ransom by isolating the attack, recovering quickly and continuing to take care of their patients.

“The biggest global issue is two-fold. Firstly, hackers don’t care about the potential damage to human lives and secondly organisations still believe that not using cloud technology means it won’t happen to them.

“Cyberattacks can happen to any organisation and while data has value, the attackers aren’t just after the data. They are looking to collect quickly and move on.”

A recent global cyberattack using hacking tools crippled the United Kingdom’s national health service (NHS) and Rodriguez took a close look at the Wannacry virus and Microsoft took the unprecedented but critical step of issuing an immediate update to software that was out of support, unpatched, and end-of-life. But the lessons learned were more in-depth.

“We saw that hackers went after the easy, vulnerable targets like the UK NHS. This was a commodity attack, meaning that it wasn’t about just healthcare or the data, the attackers were after a quick pay-day.

“We also learned that adopting modern cybersecurity practices are a key to thwarting attacks and healthcare organisations are still running software that is 20 plus years old to solve modern healthcare and cybersecurity challenges. That does not add up,” he says.


© Scoop Media

Business Headlines | Sci-Tech Headlines


Crown Accounts: Slightly Softer Growth Expected In PREFU

A slightly softer growth forecast is the main feature of largely unchanged Pre-election Fiscal Update compared to the Budget forecasts three months ago, Finance Minister Steven Joyce says. More>>


Water: Farming Leaders Pledge To Help Make Rivers Swimmable

In a first for the country, farming leaders have pledged to work together to help make New Zealand’s rivers swimmable for future generations. More>>


Unintended Consequences: Liquor Change For Grocery Stores On Tobacco Tax

Changes in the law made to enable grocery stores to continue holding liquor licences to sell alcohol despite increases in tobacco taxes will take effect on 15 September 2017. More>>

Back Again: Government Approves TPP11 Mandate

Trade Minister Todd McClay says New Zealand will be pushing for the minimal number of changes possible to the original TPP agreement, something that the remaining TPP11 countries have agreed on. More>>


By May 2018: Wider, Earlier Microbead Ban

The sale and manufacture of wash-off products containing plastic microbeads will be banned in New Zealand earlier than previously expected, Associate Environment Minister Scott Simpson announced today. More>>