Waikato DHB says hundreds of people have potentially been affected, after a large tranche of data stolen from its servers was published on the dark web.
It’s been six weeks since the ransomware attack that crippled IT and communication systems across five hospitals, and operations are still not back to normal.
Chief Executive of the Health Board Dr Kevin Snee’s admitted a “reasonable number” of people have had their privacy breached by the new leak from hackers this week , saying it’s “certainly more than dozens”.
He’s confirmed hundreds of people were affected by an earlier data leak to some media organisations.
“We had something like 165 staff who were in the original data breach that went to the media… all of those have been contacted.
“There was then a group of folders that related to patients… a couple of hundred, 250," he said.
The DHB says its working through the data from the breach this week to identify who’s been affected, and will offer support to those they identify.
“You’ve got to bring all the data together, cause it’s in different files, you’ve then got to assess that data for the impact it’s going to have on the individuals," Snee said.
In that process the DHB may decide it’s not appropriate to advise some patients.
“We’re obliged to assess whether in sharing that information with the individual that you cause more harm," Snee said.
“We would talk to the clinician and it would become a clinical discussion about how that information is best handled.. and our intention would always be to give the information to the individual unless there were very good reasons for not doing so."
The DHB’s still recovering from a ransomware attack that crippled its IT and communication systems six weeks ago.
He says that could include mental health concerns.
Snee says the process for assessing the data relating to staff is more straightforward, so some affected staff members have already been contacted.
The data leak’s believed to include some staff driver licenses and passports, so the DHB has also advised the IRD and the Department of Internal Affairs.
Snee expects the DHB will have made a lot more progress in its response to the dark web leak in a week.
He says they’re not considering any kind of compensation for affected patients at this point, but they may reconsider that going forward.
The DHB still hasn’t identified the country the ransomware attack came from.
“It’s very difficult to identify exactly where it’s come from," Snee said.
But he’s confident the hacker’s entry point has been found.
The Executive Director of Hospital & Community Services at Waikato DHB, Christine Lowry, says the hospital’s recovery is progressing well.
“From a patient’s perspective our services are fully functional,” she said, “however from an operational perspective for our staff, there are still some workarounds they’ve had to keep in place while we continue to work through the restoration of the remaining systems.
“We are still continuing to outsource some surgery as per our initial response, and as we move more into the recovery phase, we’re working out how much more we’ll need to rely on other DHBs and the private sector."
She said the DHB’s reviewing the backlog of referrals and establishing how many patients have missed treatment during this period, and that will give them an idea of the wait times going forward.
“Wait times for outpatients and elective surgeries won’t have improved over the past few weeks because we hadn’t been operating as normal," Lowry said.
The total cost of the ransomware attack’s expected to be in the millions, but the DHB says its insurance will cover most of that.
SHARE ME