Waikato DHB ransomware attack documents
Scott made this Official Information request to Ministry of Health
The request was successful.
From: Scott
Dear Ministry of Health,
This is a request for information relating to the Waikato DHB ransomware attack. I would like to request copies of the following documents on the topic of this incident:
1) The Ministry of Health communications plan
2) The Ministry of Health response plan or action plan
3) All briefings, reports or memoranda provided to Minister Andrew Little
Yours faithfully,
Scott
From: OIA Requests
Kia ora Scott,
Thank you for your request for official information received on 17
September 2021 for:
"This is a request for information relating to the Waikato DHB ransomware
attack. I would like to request copies of the following documents on the
topic of this incident:
1) The Ministry of Health communications plan
2) The Ministry of Health response plan or action plan
3) All briefings, reports or memoranda provided to Minister
Andrew Little”
The Ministry's reference number for your request is: H202112506.
As required under the Official Information Act 1982, the Ministry will
endeavour to respond to your request no later than 15 October 2021, being
20 working days after the day your request was received.
Due to the COVID-19 global pandemic response, the Ministry is experiencing
significantly higher volumes of queries and requests for information. If
we are unable to respond to your request within this time frame, we will
notify you of an extension of that time frame.
If you have any queries related to this request, please do not hesitate to
get in touch.
Ngâ mihi
OIA Services
Government Services
Office of the Director-General
Ministry of Health
E: [1][email address]
show quoted sections
References
Visible links
1. mailto:[email address]
From: OIA Requests
Kia ora Scott,
Thank you for your request for official information, received on 17
September 2021, requesting:
“Information relating to the Waikato DHB ransomware attack. I would like
to request copies of the following documents on the topic of this
incident:
1) The Ministry of Health communications plan
2) The Ministry of Health response plan or action plan
3) All briefings, reports or memoranda provided to Minister
Andrew Little”
The Ministry of Health has decided to extend the period of time available
to respond to your request under section 15A of the Official Information
Act 1982 (the Act) as further consultation is required.
You can now expect a response to your request on, or before, 1 November
2021.
You have the right, under section 28 of the Act, to ask the Ombudsman to
review my decision to extend the time available to respond to your
request.
Ngâ mihi
OIA Services
Government Services
Office of the Director-General
Ministry of Health
E: [1][email address]
show quoted sections
References
Visible links
1. mailto:[email address]
From: OIA Requests
Kia ora Scott,
Please find attached a response to your official information act request.
Ngā mihi
OIA Services
Government Services
Office of the Director-General
Ministry of Health
E: [1][email address]
show quoted sections
References
Visible links
1. mailto:[email address]
From: Scott
Dear Ministry of Health,
Thank you for this response.
In regards to item 3 of my request (the briefings to Minister Little) which you have decided to withhold entirely, I notice that you are treating these reports differently than similar briefings produced for the 2019 Tū Ora Compass Health cyber security incident, which were made public on the Ministry website less than 4 months after the incident occured:
https://www.health.govt.nz/about-ministr...
How does the Ministry explain this discrepancy? If I don't hear back from you on this, I plan to refer this to the Ombudsman to review based on the precedent set by the Tū Ora case.
Yours sincerely,
Scott
From: OIA Requests
Kia ora Scott,
Thank you for your follow up email.
There are different circumstances relating to the breaches. The response
to the Waikato breach is ongoing, with concerns about ongoing risk and the
reporting is more specific than in the Tu Ora case.
By the time the Tu Ora docs were released, the corrective steps had been
taken and were finalised, and the information released was done on a
considered basis with regard to potential risk.
In addition, as the Tu Ora breach related to a private organisation, the
Ministry were not as close to the breach.
Under section 28(3) of the Act you have the right to ask the Ombudsman to
review any decisions made under this request. The Ombudsman may be
contacted by email at: [1][email address] or by calling 0800
802 602.
Ngā mihi
OIA Services Team
[2]Ministry of Health information releases
[3]Unite against COVID-19
------------------------------------------------------------------------
From: Scott <[FOI #16776 email]>
Sent: Monday, 18 October 2021 18:11
To: OIA Requests <[email address]>
Subject: Re: Response to your official information act request
(ref_H202112506)
Dear Ministry of Health,
Thank you for this response.
In regards to item 3 of my request (the briefings to Minister Little)
which you have decided to withhold entirely, I notice that you are
treating these reports differently than similar briefings produced for the
2019 Tū Ora Compass Health cyber security incident, which were made public
on the Ministry website less than 4 months after the incident occured:
[4]https://www.health.govt.nz/about-ministr...
How does the Ministry explain this discrepancy? If I don't hear back from
you on this, I plan to refer this to the Ombudsman to review based on the
precedent set by the Tū Ora case.
Yours sincerely,
Scott
show quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence