International cyber criminals are stepping up their attacks on government agencies and hospitals in an effort to extort cash.
But IT experts warn the growing threat is simply a reality of operating in a digitally-connected world.
Waikato DHB information services director Geoff King said attacks on the hospital’s computers had increased at a concerning rate.
The attacks reflect the fact groups and individuals were able to make money from ransomware and other malicious schemes.
READ MORE: * Emergency cyber security unit to handle all reports of cyber threats in New Zealand * Troubled IT rollout puts reputation and jobs on the line * New Waikato health institute to foster innovation
Ransomware is a form of computer malware that installs on a victim’s computer and holds data hostage until a ransom is paid.
Ransomware is often delivered via a phishing email.
King said the country’s hospitals and the public sector were prime targets for cyber criminals.
“The reality is the base principle they apply is ability to pay,” King said.
“If you want to extract cash, you target those who have got the biggest cheque books, so the health sector and the government sector are targeted.”
New Zealand’s experience reflects overseas trends.
The FBI estimate cyber criminals used ransomware to extort $150 million from the healthcare sector in 2016.
King, speaking at the Waikato DHB’s performance monitoring committee, said the health board had never paid a ransom despite experiencing a breach.
On one occasion, a nurse clicked on an email link which encrypted “a whole lot of files”, King said.
The files were restored from backups.
“Once you pay [a ransom] you go onto a list of organisations that are likely to keep paying,” King said.
In March, the National Cyber Security Centre (NCSC) released its cyber threat report for 2015/16.
In the 12 months to June, 2016, NCSC recorded 338 cyber incidents, up from 190 in 2014/15.
Of the 338 incidents, 169 involved the public sector and 73 were in the private sector.
The remaining attacks were aimed at small businesses and individuals.
The report noted that while recorded cyber attacks had increased, it likely represented only a small proportion of total incidents impacting New Zealand.
International IT security providers identify more than 200,000 new malware variants each day.
King said New Zealand’s position as the first country to see the new day created its own challenges.
“When a new hack is released overnight, we’re the first country to have business hours after the overnight attack, so we see it before the United States.”
Meanwhile, King said the retention of IT staff was a growing issue for the health board, with staff turnover at 10 per cent in 2017.
Aggravating the situation was an IT skill shortage across the country.
King said salaries across the sector were going up, resulting in the DHB losing staff to the private sector as well as other government agencies.
“We’re working with HR but I think, just like the housing market, there is a shortage, and it’s getting bigger and bigger,” he said.
“I’ve spoken to my colleagues in other Government agencies and they’ve got the same skill shortage. While we agree to disagree, we pay less than they do.”
Board member Mary Anne Gill said she was concerned the board was losing staff to other government employers.
“It’s not a nice way to play in the sandpit. You wonder how they get the money when we can’t,” Gill said.