Waikato DHB ransomware attack documents

Scott made this Official Information request to Ministry of Health

The request was successful.

From: Scott

Dear Ministry of Health,

This is a request for information relating to the Waikato DHB ransomware attack. I would like to request copies of the following documents on the topic of this incident:

1) The Ministry of Health communications plan
2) The Ministry of Health response plan or action plan
3) All briefings, reports or memoranda provided to Minister Andrew Little

Yours faithfully,

Scott

Link to this

From: OIA Requests


Attachment image001.png
7K Download


Kia ora Scott,

 

Thank you for your request for official information received on 17
September 2021 for:

 

"This is a request for information relating to the Waikato DHB ransomware
attack. I would like to request copies of the following documents on the
topic of this incident:

 

1)            The Ministry of Health communications plan

2)            The Ministry of Health response plan or action plan

3)            All briefings, reports or memoranda provided to Minister
Andrew Little”

 

The Ministry's reference number for your request is: H202112506.

 

As required under the Official Information Act 1982, the Ministry will
endeavour to respond to your request no later than 15 October 2021, being
20 working days after the day your request was received.

 

Due to the COVID-19 global pandemic response, the Ministry is experiencing
significantly higher volumes of queries and requests for information. If
we are unable to respond to your request within this time frame, we will
notify you of an extension of that time frame.

 

If you have any queries related to this request, please do not hesitate to
get in touch.

 

Ngâ mihi

 

OIA Services

Government Services

Office of the Director-General

Ministry of Health

E: [1][email address]

 

 

****************************************************************************
Statement of confidentiality: This e-mail message and any accompanying
attachments may contain information that is IN-CONFIDENCE and subject to
legal privilege.
If you are not the intended recipient, do not read, use, disseminate,
distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message.
****************************************************************************

--------------------------------------------------------------------------

This e-mail message has been scanned for Viruses and Content and cleared
by the Ministry of Health's Content and Virus Filtering Gateway

--------------------------------------------------------------------------

References

Visible links
1. mailto:[email address]

hide quoted sections

Link to this

From: OIA Requests


Attachment image003.jpg
2K Download


Kia ora Scott,

 

Thank you for your request for official information, received on 17
September 2021, requesting:

 

“Information relating to the Waikato DHB ransomware attack. I would like
to request copies of the following documents on the topic of this
incident:

 

1)            The Ministry of Health communications plan

2)            The Ministry of Health response plan or action plan

3)            All briefings, reports or memoranda provided to Minister
Andrew Little”

 

The Ministry of Health has decided to extend the period of time available
to respond to your request under section 15A of the Official Information
Act 1982 (the Act) as further consultation is required.

 

You can now expect a response to your request on, or before, 1 November
2021.

 

You have the right, under section 28 of the Act, to ask the Ombudsman to
review my decision to extend the time available to respond to your
request.

 

Ngâ mihi 

 

OIA Services

Government Services

Office of the Director-General

Ministry of Health

E: [1][email address]

 

 

****************************************************************************
Statement of confidentiality: This e-mail message and any accompanying
attachments may contain information that is IN-CONFIDENCE and subject to
legal privilege.
If you are not the intended recipient, do not read, use, disseminate,
distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message.
****************************************************************************

--------------------------------------------------------------------------

This e-mail message has been scanned for Viruses and Content and cleared
by the Ministry of Health's Content and Virus Filtering Gateway

--------------------------------------------------------------------------

References

Visible links
1. mailto:[email address]

hide quoted sections

Link to this

From: OIA Requests


Attachment image.png
20K Download

Attachment Cyber Security communications strategy FINAL.pdf
815K Download View as HTML

Attachment H202112506 Scott response.pdf
282K Download View as HTML


Kia ora Scott,  

 

Please find attached a response to your official information act request. 

 

Ngā mihi  

 

OIA Services 

Government Services 

Office of the Director-General 

Ministry of Health 

E: [1][email address

 

 

****************************************************************************
Statement of confidentiality: This e-mail message and any accompanying
attachments may contain information that is IN-CONFIDENCE and subject to
legal privilege.
If you are not the intended recipient, do not read, use, disseminate,
distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message.
****************************************************************************

--------------------------------------------------------------------------

This e-mail message has been scanned for Viruses and Content and cleared
by the Ministry of Health's Content and Virus Filtering Gateway

--------------------------------------------------------------------------

References

Visible links
1. mailto:[email address]

hide quoted sections

Link to this

From: Scott

Dear Ministry of Health,

Thank you for this response.

In regards to item 3 of my request (the briefings to Minister Little) which you have decided to withhold entirely, I notice that you are treating these reports differently than similar briefings produced for the 2019 Tū Ora Compass Health cyber security incident, which were made public on the Ministry website less than 4 months after the incident occured:

https://www.health.govt.nz/about-ministr...

How does the Ministry explain this discrepancy? If I don't hear back from you on this, I plan to refer this to the Ombudsman to review based on the precedent set by the Tū Ora case.

Yours sincerely,

Scott

Link to this

From: OIA Requests


Attachment image.png
14K Download


Kia ora Scott,

 

 

Thank you for your follow up email. 

 

There are different circumstances relating to the breaches. The response
to the Waikato breach is ongoing, with concerns about ongoing risk and the
reporting is more specific than in the Tu Ora case.

 

By the time the Tu Ora docs were released, the corrective steps had been
taken and were finalised, and the information released was done on a
considered basis with regard to potential risk.

 

In addition, as the Tu Ora breach related to a private organisation, the
Ministry were not as close to the breach.

 

Under section 28(3) of the Act you have the right to ask the Ombudsman to
review any decisions made under this request. The Ombudsman may be
contacted by email at: [1][email address] or by calling 0800
802 602. 

  

Ngā mihi 

OIA Services Team 

  

[2]Ministry of Health information releases 

[3]Unite against COVID-19 

 

 

------------------------------------------------------------------------

From: Scott <[FOI #16776 email]>
Sent: Monday, 18 October 2021 18:11
To: OIA Requests <[email address]>
Subject: Re: Response to your official information act request
(ref_H202112506)

 

Dear Ministry of Health,

Thank you for this response.

In regards to item 3 of my request (the briefings to Minister Little)
which you have decided to withhold entirely, I notice that you are
treating these reports differently than similar briefings produced for the
2019 Tū Ora Compass Health cyber security incident, which were made public
on the Ministry website less than 4 months after the incident occured:

[4]https://www.health.govt.nz/about-ministr...

How does the Ministry explain this discrepancy? If I don't hear back from
you on this, I plan to refer this to the Ombudsman to review based on the
precedent set by the Tū Ora case.

Yours sincerely,

Scott

-----Original Message-----

Kia ora Scott,  

  

 Please find attached a response to your official information act
request. 

  

 Ngā mihi  

  

 OIA Services 

 Government Services 

 Office of the Director-General 

 Ministry of Health 

 E: [1][email address

  

  
 
 
References

 Visible links
 1. [5]mailto:[email address]

-------------------------------------------------------------------
Please use this email address for all replies to this request:
[FOI #16776 email]

Disclaimer: This message and any reply that you make will be published on
the internet. Our privacy and copyright policies:
[6]https://scanmail.trustwave.com/?c=15517&...

If you find this service useful as an Official Information officer, please
ask your web manager to link to us from your organisation's OIA or LGOIMA
page.

-------------------------------------------------------------------

****************************************************************************
Statement of confidentiality: This e-mail message and any accompanying
attachments may contain information that is IN-CONFIDENCE and subject to
legal privilege.
If you are not the intended recipient, do not read, use, disseminate,
distribute or copy this message or attachments.
If you have received this message in error, please notify the sender
immediately and delete this message.
****************************************************************************

--------------------------------------------------------------------------

This e-mail message has been scanned for Viruses and Content and cleared
by the Ministry of Health's Content and Virus Filtering Gateway

--------------------------------------------------------------------------

References

Visible links
1. mailto:[email address]
2. https://www.health.govt.nz/about-ministr...
3. https://covid19.govt.nz/
4. https://www.health.govt.nz/about-ministr...
5. mailto:[email
6. https://scanmail.trustwave.com/?c=15517&...

hide quoted sections

Link to this

Things to do with this request

Anyone:
Ministry of Health only: