After last week’s revelations that the Bay of Plenty District Health Board deals with up to 860,000 cyber attacks per day, the National Party’s Data and Cybersecurity spokesperson Dr Shane Reti has called out the current Health Minister’s apparent lack of concern.
Last week Newshub broke the story that the Bay of Plenty District Health Board is bombarded with threats each week.
According to National’s Data and Cybersecurity spokesperson Dr Shane Reti, current Health Minister Dr David Clark dismisses general cybersecurity concerns as ‘hypothetical’ – despite the fact that the UK is still dealing with major cyber attacks such as Wannacry.
The Wannacry ransomware crippled the UK’s National Health System and many healthcare providers in May 2017. Reti Believes it’s critical that New Zealand’s District Health Boards are fully equipped to protect and handle important data.
“Official information obtained by the National Party shows just how prolific these cyber attacks are, with most of the 800,000 daily attacks on the Bay of Plenty DHB originating in Russia and the Ukraine,” Reti says.
“Dr Clark has downplayed cybersecurity issues by saying he won’t deal in hypotheticals. There is nothing hypothetical about our DHBs being under cyber attack– it is clearly occurring and at an alarming rate.”
He believes this shows a lack of leadership. He also believes the Minister needs to roll out a ‘cybersecurity stocktake’ and security improvements for all District Health Boards.
“CERT NZ is well placed to do that work. It was established by the National Government as a first response cybersecurity centre for collating, analysing and advising members of the public, business and the government on cybersecurity matters,” Reti explains.
“The Health Minister needs to take issues of cybersecurity in our DHBs seriously and act to ensure that our DHBs, the systems that they run and the data that they hold are safe.”
According to CERT NZ’s latest Q1 2018 Quarterly Report, New Zealand businesses and individuals reported 506 incidents between 1 January and 31 March this year.
Four of those reports came from businesses in the healthcare and social assistance sector; while 92 came from the financial and insurance services sector.
Phishing and credential harvesting was the most common incident report; followed by scams and fraud; unauthorised access; reported vulnerabilities; and ransomware all rounded out the top five most common reports.
The last quarter also reported upwards of $2.9 million in direct financial losses, most of which came from individuals ($2.2 million). Organisations reported $728,000 in direct financial losses.