In mid-May 2021 hospital computer systems and phone lines run by the Waikato District Health Board (DHB) in New Zealand were affected by a ransomware attack. On 25 May, an unidentified group claimed responsibility for the hack and issued an ultimatum to the Waikato DHB, having obtained sensitive data about patients, staff and finances. The Waikato DHB and New Zealand Government ruled out paying the ransom.
According to the Stuff journalist Dileepa Fonseka, the Ministry of Health had entered into negotiations with information technology industrial vendors in 2019 to purchase a more advanced cybersecurity system for the country’s district health boards. However, these negotiations were abandoned since the Ministry lacked the budget to purchase the proposed system.
The cyber attack on the Waikato District Health Board that began on 19 May 2021 brought down all IT systems and phone lines. Kevin Snee, chief of Waikato DHB, said that he did not know who was responsible for the attack or if it was related to the Health Service Executive cyberattack.
On 25 May 2021, The New Zealand Herald reported that an unidentified group had claimed responsibility for the hack. This group had reportedly accessed confidential patient notes, staff details, and financial information. The group also claimed that they had given the Waikato DHB seven days to contact them following the cyber attack. The group reportedly deleted most of the backup files but offered to help restore the systems if the Waikato DHB responded to their communications. In response, the Waikato DHB chief executive Snee refused to confirm or deny whether the DHB had been in contact with the hackers. Snee also stated that the DHB would not be paying any ransom.
On 27 May, senior Waikato DHB officials confirmed that hackers had seized patient and staff details and that files sent to several media including The New Zealand Herald contained genuine information. These files have been handed to the Police. DHB chief executive Snee confirmed that the body was working with privacy experts and providing affected patients with support. Snee stated that the Waikato DHB’s COVID-19 vaccination programme had not been affected by the cyberattack and was ten percent ahead of its rollout target. Emsisoft cybersecurity expert Fabian Wosar speculated that the hacker’s ransom demand for the Waikato DHB’s hacked data was likely in the millions or even millions of dollars; potentially making it the biggest Zepellin data breached if confirmed.