Story image

Don't expect Govt to protect NZ healthcare firms from cyber attacks, health expert warns

05 Jul 2017

New Zealand's health sector must be prepared for a case of 'not if, but when' a major cyber attack causes massive disruption, despite intense security efforts to ward them off.

HZ HealthIT chief executive Scott Arrol says that there are no guarantees that risk mitigation will be successful.

“None of us can pass the buck and assume that its up to the government and big corporates to protect New Zealand health organisations. We have all got to play our part to protect confidential health information," he says.

Despite government spy agencies boosting security of critical infrastructure, government departments and key businesses, health organisations have some catching up to do.

Less than 5% of New Zealand organisations have invested in cyber insurance, despite a global increase in cyber attacks, NZ Health IT claims.

You only have to look as far as the WannaCry attack, he says. “A recent global cyberattack using hacking tools crippled the United Kingdom’s national health service.

That attack hit at least 16 health service organisations, including hospitals and GP surgeries. Hospital staff had to turn away patients and cancel appointments because their computer systems were crippled.

“We have seen ransomware attacks against the NHS in the past including Barts Health Trust in January," comments Digital Shadows vice president of strategy, Rick Holland.

Citizens were also asked to seek medical care only in emergencies because of the crisis.

Staff members were also forced back to pen, paper and their own mobiles to continue working as the WannaCry attack hit.

According Tenable Network Security, healthcare may be bigger targets because of their predilection to pay ransom demands.

While Arrol says that the Ministry of Health is working with district health boards and government agencies as a precaution against ransomware attacks such as WannaCry.

Next month NZHIT will be holding a national Cybersecurity in Health symposium in Auckland. The symposium will bring together organisations including the National Cyber Policy Office, National Cybersecurity Centre and Cyber Toa.

Fortinet offers these tips for all organisations to protect against cyber attacks:

1.      Establish a regular routine for patching operating systems, software, and firmware on all devices. For larger organisations with lots of deployed devices, consider adopting a centralised patch management system.

2.      Deploy IPS, AV, and Web Filtering technologies, and keep them updated.

3.      Back up data regularly. Verify the integrity of those backups, encrypt them, and test the restoration process to ensure it is working properly.

4.      Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.

5.      Schedule your anti-virus and anti-malware programs to automatically conduct regular scans.

6.      Disable macro scripts in files transmitted via email. Consider using a tool like Office Viewer to open attached Microsoft Office files rather than the Office suite of applications.

7.      Establish a business continuity and incident response strategy and conduct regular vulnerability assessments.

New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.