Up to $75.7 million, from Budget allocations, will be invested over 3 years to increase the resilience of data and digital systems in the face of increasing cybersecurity risks.
“The number and sophistication of cyber-attacks is increasing around the world, and healthcare is traditionally one of the most targeted sectors. We’ve seen with the recent incident at Waikato District Health Board that New Zealand is not exempt from this global trend,” says Shayne Hunter, Deputy Director-General, Data and Digital.
“Our health and disability system is critical national infrastructure that will only become more dependent over time on digital technology and information sharing across health networks. This contributes to better patient care and health outcomes but increases the risk presented by cyber threats.
“While it’s not possible to fully eliminate cyber risks altogether, it’s essential we improve the resilience of our health and disability system so we can minimise the risk of disruptions to healthcare services in the event of a cyber-attack and better protect sensitive health information.”
“While all 20 DHBs are continuing to make progress with increasing the resilience of their systems to reduce the risk and impact of events like the Waikato cyber-attack, we know that more needs to be done. That’s why the Ministry of Health has worked with DHBs to assess the current cybersecurity risks across the sector and prioritise areas for improvement through a cybersecurity roadmap.
“The first step in the roadmap is to build a set of core cybersecurity capabilities for our hospitals, primary care and community services. This will reduce the likelihood of another successful cyber-attack while laying solid foundations for further cybersecurity improvements and the secure implementation of new digital health technologies.”
Work will include increasing security leadership and capability both regionally and nationally, upgrading existing software and systems, establishing national security standards and guidelines, strengthening assurance and testing capability, and increasing the use of cloud security services as well as improving identity and access management systems.
“A focus of our strategy is on sharing resources and capability. A key responsibility of the regional cybersecurity teams will be to help primary care and community providers develop incident response plans so they can continue to provide essential services in the event of a cyber-attack.”
Delivery of the roadmap will be governed by a Cybersecurity National Steering Committee, which will include national and regional Chief Information Security Officers (CISOs) along with representatives from the Ministry, the heath sector, the National Cybersecurity Centre and the Government Chief Digital Officer.