NZ Ministry of Health plan $75m spend to plug cybersecurity gaps

The New Zealand Ministry of Health has just announced a plan to spend $75.6 million to protect the healthcare system from hackers. The budget allocation will be invested over 3 years to increase the resilience of digital systems and data due to increases in cybersecurity risks. 

Shayne Hunter, the Deputy Director-General for Data and Digital, says: “The number and sophistication of cyber-attacks is increasing around the world, and healthcare is traditionally one of the most targeted sectors. We’ve seen with the recent incident at Waikato District Health Board that New Zealand is not exempt from this global trend. Our health and disability system is critical national infrastructure that will only become more dependent overtime on digital technology and information sharing across health networks. This contributes to better patient care and health outcomes but increases the risk presented by cyber threats”. 

Waikato District Health Board’s computer systems were shut down in May of this year because of a ransomware attack. Surgeries were postponed and procedures were transferred to other regions due to patient and staff information being stolen.

Whilst all clinical services at the Waikato District Health Board have been restored, some computer systems are still not able to be used. The ministry has said that “Work is underway to review any cases where a patient’s treatment had to be deferred”.  

Hunter has also said that “While it’s not possible to fully eliminate cyber risks altogether, it’s essential we improve the resilience of our health and disability system so we can minimise the risk of disruptions to healthcare services in the event of a cyberattack and better protect sensitive health information”.  

To address the cybersecurity risks facing the healthcare sector a ‘cybersecurity roadmap’ has been drawn up by the ministry of health and all 20 District Health Boards. The cybersecurity roadmap identifies areas of risk and priorities for improving the resilience of the healthcare system.  

Priorities determined by the roadmap include increasing security staff across the regions, upgrading software and systems, strengthening assurance and testing, and more use of cloud security. 

“The most serious cyber risks will be addressed first before further system-wide cybersecurity improvements are implemented,” Hunter said. 

The Cybersecurity National Steering Committee will govern the delivery of the roadmap. The committee will include national and regional Chief Information Security Officers, representatives from the Ministry, representatives from the health sector, representatives from the National Cybersecurity Centre, and the Government Chief Digital Officer.