Waikato DHB is rapidly working through the latest dump of confidential information on the dark web before breaking the news to the affected patients.
A cyber security firm enlisted to pull down any hospital information which might be put online has not yet succeeded in its attempts to remove the latest clinical and administrative information which the hospital became aware of at the start of the week.
A Twitter account linked to the information has successfully been locked.
Waikato DHB chief executive Kevin Snee said the DHB was already in talks with staff whose private clinical and administrative information including passports and drivers licences has been leaked online and was going through a process to bring the data together and assess it for the impact it would have on the individual.
Some information which was a mix of historical and recent information related to clinical information, so those clinicians also needed to be involved.
"We are obliged to assess whether sharing that information to the individual you cause more harm especially for patients and sometimes that will need a clinical review."
He expected patients to be contacted by next week if not sooner.
Snee said the DHB had anticipated stolen staff and patient documents might appear on the dark web and had prepared for it. It had been working alongside the Privacy Commissioner and privacy experts.
Snee wouldn't say how many people had been affected or contacted so far in relation to the latest document dump, but those impacted was "more than dozens".
However, in the initial document breach sent to media in May, 165 staff and a much smaller number of patients had been impacted and the DHB had contacted all of those they could.
There was a risk more data could be dumped online, he said.
Snee said the DHB would have to review compensation in light of any evidence, but it was not considering that at this stage.
Waikato DHB executive director Chris Lowry said its hospitals and community services were now all operating.
Services had been prioritised, and from a patient perspective its services were fully functional.
Services such as laboratories and radiology which were severely impacted were back functioning, but there were still some workarounds in places.
Some surgeries were still being outsourced to make sure patients were not facing undue delays.
"We have always said that the restoration of our services would take several weeks and that the restoration of our services would take several months."
Lowry said they were putting as much resources in as needed to make sure they could get back to normal as soon as possible, but did not know how long that would be.
Snee said a key focus was on restoring services and what happened in the past, including how the systems were hacked would be the subject of the inquiry.
The DHB was aware it could become a target for cyber attackers so was taking far greater precaution as it stood up its new systems, he said.
It was "pretty confident of the entry points" of how the hackers got in and had taken all necessary steps to address it.
"I think we are pretty typical of DHBs and other public organisations and I think what is important is that we learn the lessons and make sure all the organisations are as safe as they possibly can be," he said.
The DHB had not had any further contact from the people behind the cyber attacks in recent weeks and did not believe the latest dump was retaliation for not paying a ransom.
He said the attack will no doubt cost millions, but he didn't have the exact figure.