New Zealand’s Waikato District Health Board (DHB) has been hit with a pressure of ransomware that took down most IT services Tuesday morning and extremely reduced services at six of its associative hospitals.
The attack paralysed all IT services except email. Patient notes became unreachable, clinical services were unsettled, and surgeries delayed. Phone lines went down and hospitals were strained to accept urgent patients only.
Yesterday, Waikato DHB chief executive Kevin Snee told local outlet Stuff that it could be days before systems are working again. In the meantime, hospital staff have turned to outmoded pen and paper and implying to non-emergency cases elsewhere.
Waikato DHB said today in a canned statement:
Our staff are working to restore the infected systems and on the correct process. We are working with the pertinent government departments to provide a secure environment is successfully re-established.
At affiliate Waikato Hospital, 29 out of 102 elective agitated surgeries were postponed today. Yesterday, six out of 101 were called off. At associative Thames Hospital, all voluntary surgeries were postponed. All outpatient activity was delayed at affiliate hospitals in remote areas.
The organisation added:
We are presently working with other government departments to scrutinize the cause, but are working on the theory that the initial intrusion was via an email attachment. A forensic investigation is in progress.
The head of Waikato DHB has determined not to pay a ransom, a decision also made by the Scottish Environmental Protection Agency when it was charged by WizardSpider-deployed Conti malware last January.
The Kiwi infection follows WizardSpider’s attack last week that developed in a Irish hospital cancelling outpatient appointments.
Colonial Pipeline abides server gremlins, says it’s not due to another ransomware infection
Axa insurance offshoots pwned as Ireland discloses second ransomware hit
48 ways you can prevent file-scrambling, data-stealing miscreants – or so says the Ransomware Task Force
Emotet malware self-destructs after cops supply time-bomb DLL to infected Windows PCs
Several ransomware operators have guaranteed that they will not target medical organisations during the current pendamic, but evidently both honour and regularity is lacking among buglers.
The Register acknowledged that institutions and businesses with binds to the hospital system have been alerted to the situation, are aware of the capability for the ransomware infection to spread instantly, and are acting appropriately to save their operations.