An analysis Reports regarding last year’s cyberattack on the Waikato County Health Board previously made several recommendations to increase cybersecurity across New Zealand’s health system.
The Ministry of Health has invited managed cybersecurity service provider InPhySec Security for review The May 18 incident and advice on what can be learned from it.
RECOMMENDATIONS
One of the report’s key recommendations is to design cybersecurity that includes data segmentation, identification of high-risk data assets, use of encryption for data, access control, and logging. and systematic monitoring of the entire data warehouse of the health system, including legacy systems.
“The design phase can limit damage in the event of a breach and make the system more resilient,” it said.
The report also relays some typical disaster recovery recommendations such as patching, regular implementation of incident response plans, and “as close as possible” control over the allowed number and activities of users. privileged access accounts.
InPhySec Security also wants The government invests “systematically” to eliminate insecure legacy systems, make full use of well-managed cloud systems, and meet the growing use of medical devices. connected to the internet in a secure way. It also expects the government to invest in upskilling IT and provide clear frameworks – for example, a code of conduct that sets minimum cybersecurity requirements for all IT users.
In addition, the report recommends updating the health system’s Coordinated Incident Management System framework and requiring healthcare workers to adhere to rules regarding system connectivity, use of new equipment, and data access. Whether. “This will be a huge cultural shift for many people, including demanding clinicians. There is no real alternative, but it should not be underestimated,” it stressed. .
In the event of a network incident, it is recommended that response and the transition to recovery be “led by intelligence” with incident managers thinking like hackers. “[I]Incident managers need to be able to use technical and behavioral information to make verifiable, defensible assessments and inferences about the probable behavior of attackers, ” the report explains.
Finally, the report recommends conducting simulations of network failures to practice disruptions in virtual environments.
TREND TO BIGGER
Responding to the report, Sonny Taite, Te Whatu Ora’s national CISO, said they had accepted the recommendations in principle.
To date, the organization has taken steps to strengthen the security of its IT systems, including the launch of a NZ$75 million (47 million) National Cybersecurity Enhancement Program. USD) at the end of last year. Taite said the program addressed some of InPhySec Security’s recommendations, such as planning a series of incident response simulation exercises, updating the Health Information Security Framework, hiring more experts Security colleagues join the program to upgrade and deploy new security technologies to protect legacy systems. A Cyber Academy is also being planned to explore a work-based approach to cybersecurity.
“Cybersecurity is an ongoing process of risk management, and we will continue to evolve and adapt our agenda in the ever-changing digital landscape,” Taite said in a statement. private.
Meanwhile, the Ministry of Health has also launched a two-year strategy and action plan to strengthen the collection, management, use and sharing of health data throughout the health system. The Health and Disability Data and Information Strategy seeks to engage healthcare consumers in terms of the collection and use of their personal health data, ensuring quality, relevant data. accessible, supporting a more cohesive system and developing accessible digital health services.
Also at the end of last year, the Ministry negotiated a signed a single digital services contract with Microsoft for more cybersecurity tools for the nation’s healthcare and disability systems.
After the Waikato DHB hack last year, Pinnacle Midlands Health Network became the subject of a cyber attack in late September. It is reported that their hackers accessed health information between 2016-2022 and some Pinnacle corporate information from a third-party server. Two weeks after the hack, the compromised data was confirmed to have been leaked on the dark web. Recently, Pinnacle is still trying to determine whose information was exposed in the aforementioned leak.
ON PROFILE
“Implicated in all of this is our view that cybersecurity is an ongoing process in an environment of constant challenges. It will never be ‘solved’; rather, the relationship The criminal threat to our data must be managed, mapped out and then finally accepted to a true level of redundancy.This is a task that will never end. is that people have to change attitudes and behaviors across the system, which means more resources – money and skilled people – if it works. IT,” the InPhySec Security report notes.
