A report into last year's cyberattack on Waikato DHB says Te Whatu Ora needs to think like a hacker when building its security software.
The ransomware attack last May brought the DHB's hospitals and services to a grinding halt for days, as it tried to restore its IT systems.
A newly released report by InPhySec Security found staff were quick to respond to the attack and had an IT response plan, but the plan had not been tested before the attack and there were issues in its execution.
The DHB was up to date with patching, software vulnerabilities didn't play a role in the incident, and regular security assessments were carried out.
However, the report gave a number of recommendations on how Te Whatu Ora should tighten its security resilience.
It recommended that systematic logging and monitoring be mandated across the Te Whatu Ora data estate, including on legacy systems.
Practice drills for incident response plans were needed, the report said.
It also recommended that behavioural insights into cyber criminals be assessed when building security, that is, to think like a hacker.
Te Whatu Ora national chief information security officer, Sonny Taite, said the organisation accepted the recommendations and was working to strengthen IT systems in health.
Many of the report's insights into how the DHB was placed prior to the attack have been redacted, as have details of the attack.