New Zealand hospitals infected by ransomware, cancel some surgeries
Intrusion believed to have entered through email
New Zealand's Waikato District Health Board (DHB) has been hit with a strain of ransomware that took down most IT services Tuesday morning and drastically reduced services at six of its affiliate hospitals.
The attack disabled all IT services except email. Patient notes became inaccessible, clinical services were disrupted, and surgeries postponed. Phone lines went down and hospitals were forced to accept urgent patients only.
Yesterday, Waikato DHB chief executive Kevin Snee told local outlet Stuff that it could be days before systems are running again. In the meantime, hospital staff have turned to old fashioned pen and paper and referring non-emergency cases elsewhere.
Waikato DHB said today in a canned statement:
Our staff are working to restore the infected systems and on the remediation process. We are working with the relevant government departments to ensure a secure environment is successfully re-established.
At affiliate Waikato Hospital, 29 out of 102 elective inpatient surgeries were postponed today. Yesterday, six out of 101 were cancelled. At affiliate Thames Hospital, all elective surgeries were postponed. All outpatient activity was deferred at affiliate hospitals in rural areas.
The organisation added:
We are currently working with other government departments to investigate the cause, but are working on the theory that the initial incursion was via an email attachment. A forensic investigation is ongoing.
The head of Waikato DHB has decided not to pay a ransom, a decision also made by the Scottish Environmental Protection Agency when it was attacked by WizardSpider-deployed Conti malware last January.
The Kiwi infection follows WizardSpider's attack last week that resulted in a Irish hospital cancelling outpatient appointments.
- Colonial Pipeline suffers server gremlins, says it's not due to another ransomware infection
- Axa insurance offshoots pwned as Ireland reveals second ransomware hit
- 48 ways you can avoid file-scrambling, data-stealing miscreants – or so says the Ransomware Task Force
- Emotet malware self-destructs after cops deliver time-bomb DLL to infected Windows PCs
Several ransomware operators have pledged that they will not target medical organisations during the current pandemic, but apparently both honour and consistency is lacking among thieves.
The Register understands that institutions and businesses with ties to the hospital system have been alerted to the situation, are aware of the potential for the ransomware infection to spread quickly, and are acting accordingly to protect their operations. ®