An analysis report concerning last year’s cyberattack on the former Waikato District Health Board has given several recommendations to beef up cybersecurity across New Zealand’s health system.
The Ministry of Health had engaged managed cybersecurity service provider InPhySec Security to review the 18 May incident and provide advice on what can be learned from it.
RECOMMENDATIONS
One of the report’s major recommendations is a cybersecurity design which involves data segmentation, identification of high-risk data assets, the use of encryption for data, access controls, and systematic logging and monitoring across the health system’s data estate, including legacy systems.
“The design phase can limit damage in the event of an intrusion and make the system more resilient,” it said.
The report also forwarded some typical post-incident recovery recommendations such as patching, regular exercise of incident response plans, and having the “closest possible” controls on the number and activities permitted of privileged access accounts.
InPhySec Security also wanted the government to “systematically” make investments to eliminate unsafe legacy systems, fully utilise well-managed…
