[BreachExchange] Waikato DHB ransomware attack: Documents released online

Tue Jun 29 10:27:01 EDT 2021

https://www.rnz.co.nz/news/national/445735/waikato-dhb-ransomware-attack-documents-released-online

RNZ has been shown screenshots of what appears to be a link to a directory
of sensitive information.

The list of documents suggests it includes data of patients and staff.

It has been six weeks since a ransomware attack crippled its systems and
forced a massive overhaul of its operations.

The ransomware attack brought the DHB's hospitals and services to a
grinding halt and staff have had to resort to manual workarounds to
continue caring for patients.

Some people needing specialist treatment have had to travel to other DHBs.

IT security expert Daniel Ayers told Midday Report he had a look at the
file structure - without viewing personal information - and confirmed it is
from the DHB.

He said the documents included correspondence, medical records, and
financial data.

"I do note that some of the material in this leak does match some of the
information that was previously released to media."

He said this could be an act of retaliation for the ransom not being paid.

"There's a substantial amount of information here and the fact that it is
being made public is obviously concerning."

Confirming some stolen information had made its way to the dark web,
Waikato DHB released a statement this evening saying it had been aware of
the risk and had been working closely with cyber security experts to
identify and manage any potential disclosures.

"Early on in this incident, the DHB was made aware of an information file
that had been accessed," it said.

"At that point in time the DHB took the necessary steps to notify affected
staff and patients. The DHB has been working closely with the Privacy
Commissioner to ensure that we meet our obligations and appropriate action
has been taken.

"As the investigation continues and further information is provided we will
continue to notify staff and patients as appropriate.

"Additional material has now been identified, as reported in the media
today. The DHB has obtained this material and is now working through it to
understand the content and will thereafter notify affected patients and
staff."

The DHB said notifications to individuals would include advice on how to
protect themselves and their data moving forward.

"We will also continue to assess the situation so that we can quickly
provide updated advice in the event we identify any additional risk to
individuals."

It requested that media organisations deal with the material sensitively to
avoid undue stress to individuals and said a government-announced
independent review into its systems would allow it to learn from the
experience.

"We are aware that some media have obtained screenshots and/or data and ask
that care is taken in any public disclosure. There is potential to cause
undue distress to patients and staff through the publication of information
which allows the identification of individuals.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20210629/9ee7dc9c/attachment.html>