Waikato DHB hack is way worse than first feared 

9
561

The Waikato DHB hack is far more serious and damaging than first claimed. I doubt they will be back to normal this year.

My first 3 questions were:

1 – Is it true Waikato DHB were cutting back on cyber security?

2 – What did Waikato DHB do when they heard the same attack had occurred in Ireland?

3 – This took weeks to set up, are any other Public Services in danger of being compromised?

The suspicion is Waikato DHB did cut back on cyber security, Government were warned about this type of hack and the GSCB seem to have no idea if anything else is compromised.

Next questions:

1: Have the PMs health records been compromised?

TDB Recommends NewzEngine.com

2: Is this a foreign actor testing NZ systems at a time of growing tensions in the South Pacific?

3: What happens if other DHBs are also targeted?

This is rapidly becoming a national threat.

Increasingly having independent opinion in a mainstream media environment which mostly echo one another has become more important than ever, so if you value having an independent voice – please donate here.

If you can’t contribute but want to help, please always feel free to share our blogs on social media

9 COMMENTS

  1. The Daily Blog has several times listed the alphabet soup of state snooper agencies and secret squirrel committees, along with biggies–NZSIS and GCSB. Surely it is time for those spies to now earn their taxpayer money.

    NZ intercepts digital traffic and supplies data to 5 Eyes partners, why can they not monitor security breaches like this as part of their brief?–or best of all stop them from happening in the first place as far as it is possible. I guess they are focused on commercial areas rather than public infrastructure, just as they were focused on muslims rather than white supremacists leading up to the Christchurch massacre. NZ’s commercial interests (industrial espionage as it used to be called) have been in the SIS/GCSB area of interest for years now.

    “one Health IT system to rule them all” has to be worth trying, now that the duplication and decrepitude and non compatibility of thousands of old computers and software has been exposed conclusively. The DHB fiefdoms have been taking the urine for far too long.

  2. Exactly my thoughts.
    This is not just some individual.
    You can almost bet it is a state actor of some type.

    • If it’s a state actor, probably North Korea – desperate for money. It’s as likely East European or Indian based.

  3. I am led to believe all DHB computer systems are different and don’t talk to each other. Part of the mindless competitive corporate model.

    So it’s over to each DHB to manage their data bases.

    I don’t want to draw long bows here but I’m going to anyway. Tax cut after tax cut has hollowed out our public institutions and under funding is endemic. It is not unreasonable to conclude that savings have been made by not keeping on top of the security of their data held records. And now lives are at risk.

    Fuck voters who are motivated by greed and fuck political parties (National) and their inherent dishonesty who offer up election year bribes like tax cuts only to fall to tell greedy voters precisely how these cuts are going to be paid for. Like this for example.

    No one will be held to account for this disaster because the fact is it’s systemic and it’s incredible it hasn’t happened before!

  4. This is what happens when you cheap out on internet security. Canterbury auckland otago and welly DHBs all spend millions on Internet security the ever so smart Bureaucrats at waikato dhb refused to spend millions on cyber security and look what happens …. Bureaucrats and politicians do not understand the internet and this is dangerous

  5. Problem is keeping systems patched when critical lifesaving equipment requires thorough testing with each upgrade, hundreds of different machines that need specific tests performed by the vendor to ensure safety and reliability, at 20-30k each, quickly runs into the tens of millions for just one patch. considering there are updates every month or so it quickly adds up. The only way forward is to air gap a huge chunk of the infrastructure and only patch it every 6 months or so. But there’s never a foolproof system. The best security has defense in depth, ie, multiple layers not just a firewall at the perimeter but security measures across the network. And regular penetration tests. And regular disaster recovery exercises. It’s expensive but the alternative (a breach) is worse.

  6. How hard is it to send any email with an attachment to an offserver PC and open the attachment there?

Comments are closed.