A document obtained by RNZ shows the extent of system failures within the health sector during the global Crowdstrike outage earlier this year.
A Health NZ Te Whatu Ora incident report, obtained under the Official Information Act, showed multiple clinical applications and services were unavailable in all four health regions across the country during the Crowdstrike IT outage on July 19.
It was five months ago today that up to 8.5 million computers around the world were disabled when US Cybersecurity Crowdstrike sent out a corrupted software update to customers around the world.
Banking and payment systems crashed, international flights were grounded, and health systems were affected.
RNZ received a message at the time that said an integral part of the medical system at a hospital had crashed, causing significant delays and compromising patient safety.
In New Zealand, the "most significant clinical impact" of the outage occurred in the central region and West Coast district, the report said.
In the Wellington, Hutt Valley and Wairarapa districts, programmes providing the clinicians' main source of patient details crashed - including patient demographic details, radiology images and test results - between 5pm and 8.30pm.
A 777 emergency phone system, used by operators to call or text staff to respond to an emergency, was also unavailable at these hospitals.
"Patient care may have been impacted during this period, as clinicians may have been prevented from making timely patient care decisions."
Staff needed to find ways around the crashes to continue providing patient care, the report said.
In the West Coast district, at Te Nīkau hospital's ED department and general ward in Greymouth, a patient management system used from ED admission, to transfer or discharge patients to another hospital, also crashed.
In the Te Manawa Taki Waikato/central North Island region, issues included theatre booking systems not working, and in the Northern region - including Auckland, Counties Manukau and Waitematā - the meal ordering system was unavailable, though staff were able to order the meals themselves.
Different programmes crashed, and were rebooted after differing amounts of time during the outage, with all services restored by 10am on July 20.
The details came in the wake of staff warning that a proposal to cut 1100 data and digital staff at Health NZ could lead to greater risk of IT faults and outages lasting longer, with fewer staff to "troubleshoot, maintain, and restore essential hospital systems."
Health NZ's director of digital enterprise services James Allison said, "Overall, Health NZ does not believe there was any significant clinical impact arising from this incident."
Allison said the Crowdstrike outage was not a cyberattack, back-up procedures were in place for staff and it's duration was manageable.
He said Health NZ had worked on a Cybersecurity Uplift Programme, between January 2022 and June 2024, which had mitigated the impact of the Crowdstrike outage.
A Health NZ spokesperson said they could not speculate on a proposal to cut data and digital jobs while the consultation process was ongoing with staff.