Key Takeaways:
- A cyber breach has exposed medical records of up to 126,000 people who use the ManageMyHealth patient information portal.
- The Privacy Commissioner has been asked to reconsider his decision not to investigate the impact of cuts to Health NZ’s digital services workforce.
- The Minister of Health has called the breach "a very concerning breach of patient data" and has directed officials to provide advice on strengthening assurance around the protection and security of health data.
- An independent review of the breach is being considered, and Health New Zealand is utilizing independent cyber security specialist capability to provide further assurance that the vulnerabilities have been addressed.
- ManageMyHealth is New Zealand’s largest patient information portal, with approximately 1.8 million registered users.
Introduction to the Breach
The ManageMyHealth cyber breach has exposed the medical records of up to 126,000 people, sparking concerns about the security of patient data in New Zealand. The breach has been described as "a very concerning breach of patient data" by Minister of Health Simeon Brown, who has directed officials to provide advice on strengthening assurance around the protection and security of health data. The incident has also led to calls for the Privacy Commissioner to reconsider his decision not to investigate the impact of cuts to Health NZ’s digital services workforce.
Response to the Breach
The operators of ManageMyHealth have confirmed that they have received independent confirmation from IT experts that the flaws in its code have been fixed. The company has also stated that they now have the complete list of people whose documents may have been accessed and expect forensic confirmation of the documents affected in the coming days. A cross-agency Incident Management Team has been established to support ManageMyHealth, and Health New Zealand is utilizing independent cyber security specialist capability to provide further assurance that the vulnerabilities that led to the breach have been addressed.
Concerns about Privacy and Security
The breach has raised concerns about the privacy and security of patient data in New Zealand. The Public Service Association (PSA) has called on the Privacy Commissioner to reconsider his decision not to investigate the impact of cuts to Health NZ’s digital services workforce, citing the ManageMyHealth breach as evidence of the need for greater scrutiny. The Privacy Commissioner has stated that he has ongoing discussions with Health New Zealand around its privacy and personal information responsibilities, but has not initiated an investigation into the breach.
Government Response
The government has responded to the breach by directing officials to provide advice on what can be done to strengthen assurance around the protection and security of health data. Minister of Health Simeon Brown has also sought advice on options for an independent review of what has occurred. The Minister has emphasized that ManageMyHealth is a private company responsible for protecting patient data and has called on the company to provide regular and timely information to its users about the breach and the steps being taken to address it.
Impact on Patients
The breach has affected up to 126,000 people who use the ManageMyHealth patient information portal, which is New Zealand’s largest patient information portal with approximately 1.8 million registered users. Patients who may have been impacted by the breach are being warned to be vigilant and to monitor their personal information for any signs of unauthorized access. The breach has also raised concerns about the potential for identity theft and other forms of cybercrime, and patients are being advised to take steps to protect themselves from these risks.
Conclusion
The ManageMyHealth cyber breach has highlighted the need for greater scrutiny of the security and privacy of patient data in New Zealand. The incident has sparked calls for an independent review and has raised concerns about the potential for similar breaches to occur in the future. The government and health sector organizations must take steps to strengthen assurance around the protection and security of health data, and to ensure that patients are informed and protected in the event of a breach. By taking a proactive and transparent approach to addressing the breach, the government and health sector organizations can help to maintain public confidence and ensure that patient data is protected.
