Why monitoring high tech systems and data is critical for New Zealand healthcare providers

Here in New Zealand, we aim to have a healthcare system that takes excellent care of each and every one of us. We've highly qualified GPs who treat common medical conditions and hospitals where Kiwis of all backgrounds and ages expect to receive the best possible treatment.

Of course, there are always opportunities for improvement and World Patient Safety Day on 17 September is a reminder to seek them out. It's an annual initiative that aims to raise global awareness about patient safety and encourage united action to reduce patient harm. 

First held in 2019, it was inspired by a set of alarming statistics: 134 million adverse events¹ occur globally each year due to unsafe care in hospitals; 15% of hospital expenses² can be attributed to treating patient safety failures in OECD countries; and 80%³ of harm to patients in primary and ambulatory settings is avoidable.

Unpacking the risks to patients

While it behoves healthcare professionals to reflect on their practice and adopt or adapt processes to better protect the individuals in their care, deficiencies in direct care are not the only dangers faced by patients today.

Their health, wellbeing and lives can also be put at risk by a cyberattack or significant data breach. 

The risk to healthcare systems is not hypothetical. Cyberattacks on healthcare facilities have increased dramatically in recent years, both globally and in New Zealand, bringing systems to a halt and endangering patient safety.  Patients have also faced delays in treatments while sensitive personal and medical data have been leaked online. 

Breaches have demonstrated the real-world impact of cyberattacks on patient safety, leading to millions in recovery costs and long-term reputational damage.  Additionally, healthcare providers must allocate significant resources to restore systems and data integrity, pulling funds away from patient care and innovation.
 
Globally, healthcare organisations were targeted by an average of 2,640 cyberattacks per week in 2024, according to Check Point research. New Zealand is not exempt from this growing threat. CERT NZ reported a consistent rise in cyberincidents within the healthcare sector, with the 2023 Te Whatu Ora data breach exposing personal information of over 12,000 employees.

These incidents highlight the vulnerabilities in the nation's healthcare system and the pressing need to enhance cybersecurity infrastructure.  At the same time, for every headline hitting incident like these, there are hundreds more failed gambits.

Healthcare is a common target of cyberattacks courtesy of the fact that organisations in this sector are custodians of valuable data; personal information that's worth money to criminals seeking to commit identity theft and fraud. It's a hot commodity on the dark web and can serve as leverage in the corporate extortion that is a part and parcel of a ransomware attack.

And the perpetrators aren't just persistent and ruthless – they're highly professional and organised too. Some provide access to organisations they've previously breached to their 'colleagues' while others rent their infrastructure out or offer ransomware as a service to amateur cyber-criminals who lack the technical nous to orchestrate their own attacks.

Protecting patients from harm

As healthcare facilities become ever-more-reliant on digital technologies, the risk to patients and healthcare professionals continues to rise apace.

That's why cyber security is now an essential element in the patient safety equation and organisations and one that organisations can't afford to ignore.  Indeed, there's a critical need for proactive defenses and robust cyber security strategies to safeguard patients and their data. Organisations have a responsibility to adopt comprehensive measures to improve their security posture by implementing cyber policies, solutions and staff training programs.

Key steps should include securing all devices that could provide an entry point for hackers and implementing anti-ransomware software that watches for unusual activity, such as the opening and encryption of large numbers of files. If suspicious behaviour is detected, it can react immediately to prevent massive damage. 

Segmentation of the network, so that users only have access to the information they need to do their jobs, can minimise the risk of malicious code spreading uncontrollably throughout the organisation. 

And a comprehensive automatic backup program will ensure data is easily and quickly recoverable should the worst occur.

Together with a rigorous patching program and awareness training that teaches employees to recognise threats, these measures can do much to mitigate the risk.

Safety first

Providing exemplary care to patients is the raison d'etre of the nation's healthcare system. Protecting the IT infrastructure hospitals and healthcare professionals depend on to deliver that care is vital, too, on World Patient Safety Day and every day.