Gordon Campbell | Parliament TV | Parliament Today | News Video | Crime | Employers | Housing | Immigration | Legal | Local Govt. | Maori | Welfare | Unions | Youth | Search


Holes in DHB cyber security – Expert Reaction

The Ministry of Health found five health websites with potential vulnerabilities following the data breach of Tū Ora Compass Health.

The Ministry investigated 600 websites run by primary health organisations and district health boards after cyber hacks targeted Tū Ora Compass Health earlier this month.

None of the PHO websites scanned were identified as having any specific vulnerabilities. Five websites operated by three District Health Boards (DHB) were identified as having potential vulnerabilities. One was a false positive, two cases found no subsequent breach, and analysis continues for the remaining two. None of the vulnerable websites contained private patient information.

The next step is to commission independent external reviews of all DHBs and PHOs to test and remedy vulnerabilities in externally facing IT systems.

The SMC asked experts about the results from the cyber testing.

Dr Vimal Kumar, lecturer, head of Cyber Security Lab, University of Waikato, comments:

"The Ministry’s three-step approach seems to be a reasonable one.

"The first step of the National Cyber Security Centre (NCSC) quickly scanning the public-facing websites will identify existing vulnerabilities, which they seem to have in some cases. The second is for PHOs and DHBs to undertake an assessment of appropriate security controls and implementation of security best practices, and the third is offensive penetration testing of the systems which will help in a deeper assessment of the systems.

"This, however, should not be a one-off exercise. It needs to be kept in mind that cybersecurity is a continuous process and the custodians of data, and especially health data, need to undertake such exercises regularly to assure themselves, as well as the public, that their data is safe. It should also be noted that security is not just the responsibility of a particular person or a group of people within an organisation. It is the responsibility of everyone and organisations must take steps to raise cyber-awareness within their staff."

No conflict of interest.

Associate Professor David Parry, Head of Department of Computer Science, AUT, comments:

"It's good to hear that there are no other websites in the PHOs with the same vulnerabilities, but it is very concerning that three DHBs do. In my view, this confirms that the public health sector as a whole is not investing in IT people and technology at an appropriate level for the 21st Century. Essentially there is too much work and not enough support despite very dedicated people working throughout the sector.

"The next step is basically asking health organisations to confirm that they have adequate security in place. This is fine, but the fact that the question needs to be asked indicates that there are not clear lines of responsibility around this as yet. External audits are very important and will reveal other issues I’m sure.

"Overall this is a good response but shows again that this area has been neglected. I think most people would be shocked that this work is not already being done. Unfortunately there are very few incentives for organisations in the health sector to work together either by sharing data and analysis approaches or best practice around security. This is also emphasised by the interim Simpson report.

"Overall the health system is still much better at collecting information than using it to improve care or increase efficiency. Government should consider how it can give clear and consistent support for safe and effective use of information. Privacy models are out-of-date and ineffective if security is not adequate. Patients have the right to expect that their data will be protected and used effectively but in many cases they are not even aware of how it is collected, used, or by whom. Investment in this area is vital along with top-level management awareness and education, and clear guidance about the law in this area."

No conflict of interest.


© Scoop Media

Parliament Headlines | Politics Headlines | Regional Headlines

Covid-19: Dissolution Of Parliament Delayed As Govt Hunts Source Of New infections

The dissolution of Parliament has been deferred by at a least a few days due to the new covid-19 cases, Prime Minister Jacinda Ardern said.
This was in case Parliament had to be reconvened as more information came to light, Ardern said at a briefing on the three-day level 3 lockdown in Auckland and level 2 alert for the rest of the country.
A decision about the dissolution of Parliament and any flow on effects for the timing of the election would be considered on Monday, Ardern said... More>>


Government: Plan To Tackle Problem Plastics

Following the success of the phase out of single-use plastic shopping bags, the Government now has plans to phase out more single-use and problem plastics to reduce waste and protect the environment announced Associate Minister for the Environment ... More>>


Gordon Campbell: On The New Lockdowns, Leadership And Lebanon

As Melbourne has shown, the webs of urban life overlap so extensively that community transmission can be very hard to trace, let alone control. Each of the family members in the South Auckland family at the centre of the current outbreak will have had ... More>>


National: Emma Mellow As Auckland Central Candidate

Tonight the National Party has selected Emma Mellow to stand in the Auckland Central electorate for the 2020 General Election. Emma Mellow replaces retiring MP Nikki Kaye who first won the seat from Labour in 2008. Emma leads a team of communications ... More>>


Travel: Update On New Zealand And The Cook Islands Bubble

The Prime Minister of New Zealand Jacinda Ardern and the Prime Minister of the Cook Islands Henry Puna have welcomed the completion of phase one in the establishment of a travel bubble between New Zealand and the Cook Island. More>>

Election 2020: Labour Launch

E ngā mana e ngā reo Ngāti whātua ngā mana whenua o Tāmaki Makaurau, e tika te kōrero Ehara taku toa he toa (taki tahi) he toa (taki tini) No rēira tātou e huihui mai nei, ka ‘Hoake tonu tātou’ Thank you for that welcome. And thank ... More>>

Gordon Campbell: On Political Twins, And On Labour Extending Its Wage Subsidy Scheme

A quick quiz for the weekend. Which political party currently represented in Parliament issued a press release yesterday that contained these stirring passages: “[We have] long supported a free trade and free movement area between Canada, Australia, New ... More>>


Covid-19: Poll On Management Approval

New Zealanders’ overall trust in the Ministry of Health and Government to manage the COVID-19 pandemic is at 82%, down from 91% during April. Overall distrust that the Ministry and Government will manage it in ways which best protect themselves More>>

Election 2020: National Releases 2020 Party List

National’s 2020 Party List is a strong mix of experience coming up through our Caucus, and new and exciting talent joining our team from communities across New Zealand, Party President Peter Goodfellow says. “The National Party is incredibly ... More>>

Horizon Research Limited: How Judith Collins Stopped The Bleeding

Horizon Research includes questions on voting from time to time in its surveys – for both forthcoming referenda and general elections. More>>

Your Vote 2020: Bringing Election Coverage To Viewers Across TVNZ Channels And Platforms

As New Zealand gets ready to head to the ballot box this September, 1 NEWS is bringing voters comprehensive coverage and analysis of this year’s General Election. TVNZ’s coverage will draw on the depth of experience held across the 1 NEWS team, says Graeme ... More>>

Economy: 30% Believe Households Worse Off, 298,000 Expect To Lose Jobs

64% of New Zealanders feel the economic position of their households is the same or better than a year ago – and 30% think it is worse or much worse, while 298,000 think they will lose their jobs in the next 12 months. Households’ perceptions ... More>>

State Services Commission: Findings Of Investigation Into COVID-19 Active Cases Privacy Breach

Deputy State Services Commissioner Helene Quilter has today announced the findings of an investigation into a breach of privacy regarding sensitive personal information. The investigation looked into who or what caused the disclosure of the information, ... More>>

International Security: New Zealand Suspends Extradition Treaty With Hong Kong

The New Zealand Government has suspended its extradition treaty with Hong Kong and made a number of other changes in light of China’s decision to pass a national security law for Hong Kong, Foreign Affairs Minister Winston Peters says. More>>






InfoPages News Channels