Pay serious attention to cyber security threats - NZHIT
The Waikato District Health Board cyber attack has been a wake-up call for all businesses, organisations, and people in Aotearoa.
Few Kiwi businesses have taken cyber attacks seriously and only six percent of companies have adequate protection.
On average, companies take about 197 days to identify and 69 days to contain a breach, according to IBM.
The attack on the Waikato DHB is thought to have come through an email attachment, crashing the health board’s electronic systems, delaying elective surgeries, and making patients' notes inaccessible.
CERT NZ, the government agency which supports organisations and people affected by cyber security incidents, last year received 7809 cyber security reports affecting New Zealanders, a significant leap from the 4740 reports made in 2019.
The Covid pandemic has been the strongest catalyst for upgrading cyber security strategies in the past 12 months.
NZ Health IT (NZHIT) says every organisation should be planning to respond to a cyber attack.
John Williams, chair of NZHIT’s special interest digital enablers group, says there are ways to navigate the tricky world of cyber security.
The Waikato DHB event is a poignant example of an increasing number of cyber attacks against health facilities around the globe, he says.
“Health facilities are sought-after targets for cybercriminals because of the rich personal health information they have within their information systems.
“The fall-out from such attacks as we have seen in the Waikato DHB situation are numerous and include systems down for a considerable period of time resulting in postponement of services, the threat to people’s lives, the loss of vital personal health information, and the loss of trust from the community to name a few.
“NZHIT has a large range of members with vast experience and expertise in cyber security awareness, preparedness, and implementation,” Williams says.
NZHIT has offered recommendations for others in the Aotearoa health sector to consider:
- Increase vigilance in monitoring, detecting, and responding to suspicious activity
- Consider endpoint detection and response tools or tech platforms that can alert organisations of malicious activity
- Review advisories sent so far by CERT NZ, the National Cyber Security Centre, the Ministry of Health, and other experts in cyber security
- Review and implement CERT’s top 10 critical controls at a minimum
- Conduct a fresh cyber risk assessment
- Review external perimeter security, services and ports, scan for vulnerabilities, and limit exposure
- Review third-party services risks, in particular related to remote access and management
- Maintain offline, encrypted backups of data and regularly test backups
- Make sure patches on all devices are up to date
- Check antivirus and other security systems will detect and block ransomware
- Review network segmentation and limit administrative access based on least privilege principles
- Review emails, attachments, macro detection, and protection controls
- Implement awareness training and processes to increase cyber security literacy
- Implement segregation of duty between IT operations and security operations
- Segment networks (run regular scans and pick up all assets, not just Windows machines)
- Consider the security reputation of the provider and check if they are fully certified
- Have an incident response partner to call
- Have an offline copy of the organisation’s incident plan