I really feel for the staff of Waikato District Health Board (DHB) at this time. Under attack by a faceless attacker; a profiteer unconcerned by the chaos they’re causing and the impact they’re having. And of course, there are many customers of Waikato DHB affected too, in some cases severely so.

In the midst of the long journey back to normalcy that Waikato DHB is now embarking on, this is an opportunity for us all to ask ourselves some hard questions and have a close look at how we as organisations stack up. Based on what we know about the situation, there are already some key takeaways that we can immediately apply in our own situations.

Good hygiene

Of primary concern, good hygiene is essential (the irony of this phrase in the context of health is not lost on me). Good hygiene in cybersecurity means doing the basics right across people, process, and technology. Onboarding users to your systems and offboarding them again is key to this because it helps ensure that accounts don’t have too much access, particularly when accounts are no longer active or legitimate. This is primarily something that should be enforced at a people and process level, but technology can help too. Improving your human resources (HR) process is also a good opportunity to enforce better password management and multi-factor authentication (MFA). MFA alone stops the vast majority of account/identity-based attacks.

Coverage of devices

Good hygiene is also about patching devices, platforms, and applications and keeping them up-to-date so they are still supported by vendors. Something that is not talked about as much is the coverage of devices. It’s all very well to update most of your devices, but if some stuff is going to be left unpatched or not updated, then the rest of your environment remains at risk and must be protected from ‘that old stuff’. We know that many DHBs and other large organisations have plenty of this ‘old stuff’. Knowing what might have been missed is a major headache and that’s where vulnerability management comes in — tools and services that continually highlight where you have gaps and allow you to take the necessary precautions.

How did the attack at Waikato DHB start though? Possibly through stolen credentials that the above precautions help protect against, but just as easily through someone clicking on a link and inadvertently installing some malware. A market-leading endpoint protection tool is the first line of defence when email security and user training have already failed. Endpoint protection must be a true EDR (endpoint detection and response) tool and not just anti-malware. These tools look for anomalies, not just already known malware, and they allow security professionals to quickly respond to incidents (over and above the automatic response already built into these tools). Finally, we use data from these tools in our security operations centre (SOC) to centrally defend organisations and respond to attacks.

Other key areas

Want to go a little deeper? Other areas that could have helped Waikato DHB and are key building blocks for every organisation include:

  • Organisational security policies, ideally enforced by technology (to reduce risk)
  • Segmented networks (to stop the spread of any attack)
  • Offline backups (to enable the restoration of services after bad things happen)
  • Privileged access management (to limit the number of accounts that can execute critical changes)
  • Visibility of security-relevant information using a SOC and SIEM (security incident and event management) (lots of data going to one place and monitored by market-leading tools and professionals)
  • And, of course, regular testing of backups, failovers, and security measures (assurance that what you’ve done actually works).

No organisation is unhackable, but we can make it a lot harder for attackers and we can make it much easier for ourselves to respond when we do get attacked. In return, we get safer organisations that move faster and can continue to deliver more and better services to their stakeholders and customers.
