Waikato’s woes continue into another week

The week’s headlines were again dominated by the cyber attack on Waikato DHB, which is still in the very early days of recovery from what turned out to be an extremely significant incident. Officials confirmed that patient and staff data that was sent to the media earlier this week was genuine and had been stolen, but a deadline the alleged perpetrators gave for the payment of a ransom came and went with no public release of the documents.

Questions are being asked if Waikato’s security systems, and those of the rest of the DHBs, are up to scratch, particularly in light of the current state assessment released last year that looked at five core applications at each DHB, including patient administration systems, clinical portals, financial management systems, pharmacy management and medication management.

It also surveyed the Northern region's IT infrastructure, including data centres, networks and security and found they were outdated and not adequate to support the introduction of new systems or to manage increased cyber security issues.

They are going to require serious money to remedy – $2.3 billion over 10 years, the report found – but in the meantime, the Ministry of Health is working with DHBs on a maturity assessment which will help detail targeted investment on cyber security.

Deputy-director general for data and digital Shayne Hunter said Waikato had good back-ups for its data and took cyber security seriously, but acknowledged that it wasn't possible to keep information 100 per cent safe. Malicious attackers “will find all sorts of ways to get through our defences,” he said. They certainly did.

We also had a chat to health IT industry veteran Daryll Goodall, who has recently been named managing director for the Asia Pacific region for Dedalus, the European-headquartered firm that bought DXC Technology’s healthcare assets last year. Mr Goodall was in the saddle with both CSC and DXC and knows the sector intimately, and he has some big plans for the future with Dedalus’ backing, including through acquisitions.

The company, which also owns Agfa’s healthcare business, is a big one and is probably the largest non-American health IT company in the world. It estimates it has a presence in every state and territory health department in Australia and every DHB in New Zealand as well as in the private sector, and it has serious plans to grow that pie, as well as to reconnect with the primary care sector. Dedalus began in Italy in the 1980s servicing the GP market and although there are no plans to bring in a new GP system, Mr Goodall said that if Dedalus wants to have an integrated healthcare, which it does, then interoperability with other systems is a must.

And finally, although it escaped our notice over the last two months, there has been a fierce battle underway for control of ASX-listed online appointment booking vendor 1st Group. An attempted coup by several members of the company’s board that saw the resignation of co-founder and CEO Klaus Bartosch in March appeared to be successful, with an interim CEO appointed and a strategic review undertaken. No sooner was that review published than Mr Bartosch mounted a strong counter attack, which did prove successful. This week he emerged victorious and is back in his saddle, with the usurpers dispatched.

With Waikato’s troubles still in the news, our poll from last week is timely. We asked: Are large health services well equipped to handle cyber security? Absolutely not, 94 per cent of our readers say. Just six per cent say they are.

This week we thought we’d ask what readers think is the main problem with health service cyber security.

Is lack of adequate funding or lack of qualified staff the main cyber security challenge for healthcare?

Vote here but if you have an alternative suggestion, feel free to leave your comments below.

Comments  

0 # Antony Sara 2021-05-29 16:33
Kate, as i understand it all these attacks have been carried out by phishing emails. Some of these are very difficult to block. Using Cisco or equivalent web-rep security, as does using end-point AV and anti-threat technology, assist greatly. But the difficulty is that phishing emails are very hard to notice and hence to capture and block. So yes, funding is important. and yes, trained health IT staff are important. but the biggest need is to train non-technical health health staff to not click on evil links. So there is a third answer: train health staff to not do silly things, plus have the antimalware applications and the funds to implement. Having said that, all health services in NSW and probably Australia have end-point protection and email and web rep protection software, and it appears to be fairly good. Does it really come down to ensuring staff do not click on the 'bad' links....???
Tony

You need to log in to post comments. If you don't have a Pulse+IT website account, click here to subscribe.

Sign up for Pulse+IT eNewsletters

Sign up for Pulse+IT website access

For more information, click here.

Copyright © 2021 Pulse+IT Communications Pty Ltd
No content published on this website can be reproduced by any person for any reason without the prior written permission of the publisher.
Supported by Social Media Agency | pepperit