Te Whatu Ora continues to negotiate Waikato DHB cyber insurance claim

Te Whatu Ora continues to negotiate Waikato DHB cyber insurance claim

A full $16.5 million insurance payout is still expected as the new agency beefs up security.

Waikato Hospital

Waikato Hospital

Credit: Supplied

Te Watu Ora - Health NZ expects a full payout from its cyber security insurers as negotiations continue in the wake of the costly Waikato DHB attack.

The new agency, which took charge of the former DHBs on 1 July last year, was told in a handover document related to that process that forensic accounting firm Marsh Forensic had collated and passed on all supporting documentation received up to 31 March 2022 to the accountants and lawyers who were working on behalf of the insurers.

The claims made totalled $16.5 million.

"Some further work still needs to be done by the Marsh Forensic team on the accruals and adjustments, although Marsh note that given the overall value of the claim costs subject to assessment relative to the maximum policy claim cost, this extra reconciliation work is not an issue at this stage," the document said.  

"We therefore continue to expect the cyber policy to be paid out up to its maximum limit (as the costs incurred from the cyber event exceeded the policy limit)." 

Sonny Taite, Te Whatu Ora – Health New Zealand's national chief information security officer, told Reseller News last week the payout discussions remained ongoing and "commercially sensitive".

The handover document said the impact of the attack, a tough global market and the claims made meant cover for the 2022/23 financial year was challenging.

Premiums had increased from $0.4 million to $1.3 million year on year.

"Staff from the national data and digital team helped Marsh Insurance brokers to present the current cyber security status of DHBs, and took them through the Health Cyber Security Programme," the document said.

"It enabled DHBs to put their best foot forward and at least gives grounds for Chubb and AIG teams to put a case up for renewal."

"The cost-benefit trade-off for cyber and other forms of niche insurance is something Health NZ will need to monitor as well as recognising the possibility that claims can so dramatically increase future costs in a category that on a long-term view other forms of risk management may be preferable," the former DHB advised.

Meanwhile, Te Whatu Ora's three-year national Cyber Security Uplift (CSU) programme was launched in February 2022 with just over $75 million in funding.

Te Whatu Ora told Reseller News the programme was implementing a number of initiatives and technologies to increase cyber security capability across the new organisation including multiple Microsoft enhancements to help build cyber security capability.

These included increased protection against ransomware, phishing attempts, brute force attack and compromised accounts. The work was focused on rolling out to more than 110,000 devices across Te Whatu Ora and Te Aka Whai Ora.

A national Security Operations Centre (SOC) has also been created to manage and monitor our security environment.

The SOC was responsible for identifying, analysing, and responding to security incidents and threats by using a range of tools and technologies to detect and prevent cyber-attacks, including firewalls, intrusion detection systems and antivirus software. 

Vulnerability management had also been beefed up, delivering a proactive approach to maintaining security of digital devices by regularly scanning and addressing potential vulnerabilities before they could be exploited. 

"We have procured a new platform to support how we manage this within our organisations," the document said. 

"This platform allows us to scan our IT infrastructure for potential security issues and get detailed reports on the vulnerabilities and risks that have been identified, which in turn helps us to prioritise those most critical issues that require addressing first."

Network security had also been boosted while staff had received awareness training to lift their knowledge and capability including the roll out of attack simulation tools.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags waikato dhbcyber securityTe Whatu OraHealth NZ


EDGE 2024

Register your interest now for EDGE 2024!



How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments