Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search


Holes in DHB cyber security – Expert Reaction

The Ministry of Health found five health websites with potential vulnerabilities following the data breach of Tū Ora Compass Health.

The Ministry investigated 600 websites run by primary health organisations and district health boards after cyber hacks targeted Tū Ora Compass Health earlier this month.

None of the PHO websites scanned were identified as having any specific vulnerabilities. Five websites operated by three District Health Boards (DHB) were identified as having potential vulnerabilities. One was a false positive, two cases found no subsequent breach, and analysis continues for the remaining two. None of the vulnerable websites contained private patient information.

The next step is to commission independent external reviews of all DHBs and PHOs to test and remedy vulnerabilities in externally facing IT systems.

The SMC asked experts about the results from the cyber testing.

Dr Vimal Kumar, lecturer, head of Cyber Security Lab, University of Waikato, comments:

"The Ministry’s three-step approach seems to be a reasonable one.

"The first step of the National Cyber Security Centre (NCSC) quickly scanning the public-facing websites will identify existing vulnerabilities, which they seem to have in some cases. The second is for PHOs and DHBs to undertake an assessment of appropriate security controls and implementation of security best practices, and the third is offensive penetration testing of the systems which will help in a deeper assessment of the systems.

"This, however, should not be a one-off exercise. It needs to be kept in mind that cybersecurity is a continuous process and the custodians of data, and especially health data, need to undertake such exercises regularly to assure themselves, as well as the public, that their data is safe. It should also be noted that security is not just the responsibility of a particular person or a group of people within an organisation. It is the responsibility of everyone and organisations must take steps to raise cyber-awareness within their staff."

No conflict of interest.

Associate Professor David Parry, Head of Department of Computer Science, AUT, comments:

"It's good to hear that there are no other websites in the PHOs with the same vulnerabilities, but it is very concerning that three DHBs do. In my view, this confirms that the public health sector as a whole is not investing in IT people and technology at an appropriate level for the 21st Century. Essentially there is too much work and not enough support despite very dedicated people working throughout the sector.

"The next step is basically asking health organisations to confirm that they have adequate security in place. This is fine, but the fact that the question needs to be asked indicates that there are not clear lines of responsibility around this as yet. External audits are very important and will reveal other issues I’m sure.

"Overall this is a good response but shows again that this area has been neglected. I think most people would be shocked that this work is not already being done. Unfortunately there are very few incentives for organisations in the health sector to work together either by sharing data and analysis approaches or best practice around security. This is also emphasised by the interim Simpson report.

"Overall the health system is still much better at collecting information than using it to improve care or increase efficiency. Government should consider how it can give clear and consistent support for safe and effective use of information. Privacy models are out-of-date and ineffective if security is not adequate. Patients have the right to expect that their data will be protected and used effectively but in many cases they are not even aware of how it is collected, used, or by whom. Investment in this area is vital along with top-level management awareness and education, and clear guidance about the law in this area."

No conflict of interest.


© Scoop Media

Parliament Headlines | Politics Headlines | Regional Headlines

Gordon Campbell: On Chilling The Warm Fuzzies About The US/China Trade Deal

Hold the champagne, folks. This week’s China/US deal is more about a change in tone between the world’s two biggest economies – thank goodness they’re not slapping more tariffs on each other! - than a landmark change in substance. The high walls of US and Chinese tariffs built in recent years will largely remain intact, and few economists are predicting the deal will significantly boost the growth prospects for a slowing US economy. As the New York Times noted this morning, the likes of New Zealand will still face the trade barriers imposed by the Trump administration during the recent rounds of fighting. More>>


PGF Kaikōura $10.88M: Boost In Tourism & Business

The Provincial Growth Fund (PGF) is investing $10.88 million to boost business and tourism opportunities in Kaikōura, Parliamentary Undersecretary for Regional Economic Development, Fletcher Tabuteau announced today. More>>


Whitebaiting: Govt Plans To Protect Announced

With several native whitebait species in decline the Minister of Conservation Eugenie Sage has today released proposals to standardise and improve management of whitebait across New Zealand. More>>


Education: Resource For Schools On Climate Change

New resource for schools to increase awareness and understanding of climate change... More>>


In Effect April: New Regulations For Local Medicinal Cannabis

Minister of Health Dr David Clark says new regulations will allow local cultivation and manufacture of medicinal cannabis products that will potentially help ease the pain of thousands of people. More>>


RNZ: New Year Honours: Sporting Greats Among Knights And Dames

Six new knights and dames, including Silver Ferns coach Dame Noeline Taurua and economist Professor Dame Marilyn Waring, have been created in today's New Year's Honours List. The list of 180 recipients - 91 women and 89 men - leans heavily on awards for community service, arts and the media, health and sport.


Gordon Campbell: On What An Inquiry Might Look Like

Presumably, if there is to be a ministerial inquiry (at the very least) into the Whakaari/White Island disaster, it will need to be a joint ministerial inquiry. That’s because the relevant areas of responsibility seem to be so deeply interwoven... More>>






InfoPages News Channels