Waikato DHB is getting closer to reinstating some of its IT systems, with staff working around the clock to try to get its first server back online by the end of this week.
The DHB's entire computer system was taken offline almost two weeks ago after the biggest-ever cyber attack on a New Zealand organisation.
Since then staff at Waikato, Thames, Te Kuiti, Taumarunui and Tokoroa hospitals have had to use pen and paper and rely on manual processes to keep treating the region's patients.
Hundreds of surgeries and outpatient appointments have been cancelled.
But with the help of a large number of IT experts, the Waikato DHB said it had made good progress toward standing up its first system and would have a better idea in the next few days about whether it would be done by the end of the week.
Waikato DHB chief executive Kevin Snee said the priority IT systems to get back up and running would be radiation therapy, laboratory systems, radiology and patient management systems.
"There's still a bit of a way to go in a number of these areas before we have functioning services."
He said once the servers were back online the machines still needed to be collaborated as it was "quite complicated kit".
Snee said they had a relatively smooth weekend and reminded people to keep away from the emergency department unless they needed urgent care.
He reminded people there would be delays and asked for patience.
The DHB had called the majority of patients whose personal details had been compromised over the weekend, but there were still one or two who needed to be reached.
"We are continuing to review the files and come to a judgment of what has and has not been released."
Snee would not say exactly how many patients had been affected and said he had not received feedback about how the calls went.
However, he said it was a "relatively small" number.
Snee said in a circumstance like this you could get opportunistic emails in the hope they could scam you so people needed to be aware of this.
It's a timely reminder we take some of these things for granted and we need to be careful with personal information, he said.
He was not aware of patients' files being sent anywhere else other than to media.
Waikato DHB was still working with other DHBs to look at where there was capacity should it need to transfer patients.
As part of the DHB's recovery plan, each service was looking at all the handwritten notes it had collected over the past few weeks to try to determine how long it would take to input that into the systems once it was back up and running.
Last Monday night several media agencies, including the Herald, were contacted by the group claiming responsibility for the cyber attack, via an email with attached files containing patient and staff information.
The attackers also claimed they had warned the DHB and were giving it one more chance to respond to their demands.
The Herald provided the email to police.
Snee has since confirmed the confidential information provided to media was genuine and the DHB would be in touch with affected parties to let them know and provide support this week.
Privacy Commissioner John Edwards said last week that it was his expectation that the DHB would notify and offer support to the individuals identified in that information without delay.
"We would also expect that the DHB would be actively monitoring for potential host sites on the Dark Web or elsewhere."
If the DHB was found not to have taken adequate security measures to protect its information systems, it could be liable to any staff member, contractor or patient who suffers harm as a result, he said.