The Ministry of Health abandoned an effort to secure all district health board computer systems citing budget constraints.Obviously IT security is imperfect, and there's no guarantee that this would have protected Waikato DHB against the current attack. But in the current context, it looks like an awful mistake. And what drove this mistake was exactly what Coughlan wrote about: the government seeing everything as a cost. As for the cost of their cheapness, well, the people of Waikato get to pay that, while Ministry of Health executives laugh all the way to the bank.The Government also has not followed through on its Cyber Security Strategy 2019 which promised annual reports around cybersecurity breaches.
[...]
Stuff has seen messages between IT industry vendors showing high-ranked Ministry of Health technology personnel discussing a more advanced cybersecurity system with the industry in 2019. Conversations ended because the department said it had no approved budget to pay for the proposed system.
Monday, May 31, 2021
The cost of cheapness
Last week, in the wake of the budget, Stuff's Thomas Coughlan had a rather pointy article about how the government systematically mismanages public finances, by only measuring the cost of doing things and ignoring the cost of not doing them. Job-creation, which reduces welfare spending and increases taxes? Cost. Child-poverty, which has enormous long-term benefits for health, crime, education and other social statistics, leading to big savings across the board? Cost. Fixing climate change, reducing the likelihood of enormous floods in future? Cost. And we're receiving a rather graphic demonstration of this right now, with the ongoing ransomware attack on Waikato DHB, which has basicly disabled it for two weeks. Because of course there was a proposal to upgrade DHB IT security to reduce the risk of such attacks, which of course was shitcanned on cost grounds: