Key Takeaways:
- Manage My Health, a patient health portal, has suffered a ransomware attack, resulting in the theft of patient health records.
- Affected patients are struggling to get information, with the website crashing and the 0800 number overloaded.
- Patients are expressing frustration and anger at the company’s handling of the situation, including poor communication and technical difficulties.
- The company has apologized for the breach and hopes to have contacted all affected patients by early next week.
- Patients are advised to take steps to secure their accounts, including changing passwords and enabling multi-factor authentication.
Introduction to the Breach
The recent ransomware attack on Manage My Health, a patient health portal, has left many patients feeling frustrated and angry. The company has apologized for the breach, which has resulted in the theft of patient health records, and is working to contact all affected patients. However, the process has been slow, with many patients struggling to get information due to technical difficulties. The website has been crashing, and the 0800 number has been overloaded, leaving patients feeling helpless and concerned about their personal health information.
Patient Experiences
Patients who have been affected by the breach are sharing their experiences, with many expressing frustration and anger at the company’s handling of the situation. Andrea, a patient from Wellington, received an email informing her that she had been "impacted" by the breach, but was unable to log in to the website to get more information. She tried calling the helpline, but was cut off after 11 minutes and was unable to get through again due to the high volume of calls. Another patient, Nel, received two emails from Manage My Health, one of which advised that her health documents had been impacted, while the other stated that her personal health data was not affected. This mixed messaging has left patients feeling confused and unsure of what to do.
Lack of Transparency and Accountability
Patients are also questioning the lack of transparency and accountability from Manage My Health. Lou, a patient who has been affected by the breach, is angry with the company’s "arguably criminal negligence" and poor communication. He is concerned that his sensitive health information is now in the hands of unknown individuals, putting him at risk of scams and identity theft. He is also frustrated that the company has not provided adequate information about the breach, including the steps they are taking to prevent similar incidents in the future. The lack of transparency and accountability has eroded trust in the company, with many patients feeling that they have been let down.
Technical Difficulties and Barriers
In addition to the emotional distress caused by the breach, patients are also facing technical difficulties and barriers in trying to access their accounts and secure their information. A New Zealander currently based overseas reported that she was unable to access her account due to security measures put in place by Manage My Health. The company had blocked her ability to log in, citing "security reasons," but this has prevented her from taking steps to secure her account and protect her personal health information. Other patients have reported receiving blank emails or being unable to get through to the helpline, further exacerbating the frustration and anxiety caused by the breach.
Company Response
Manage My Health has apologized for the breach and is working to contact all affected patients. The company has stated that it understands the distress and frustration caused by the breach and is taking steps to prevent similar incidents in the future. However, the company’s response has been criticized for being slow and inadequate, with many patients feeling that they have not been provided with sufficient information or support. The company has directed patients to contact them using existing methods, but this has been difficult due to technical difficulties and high volumes of calls. The company has also stated that it is unable to provide any comment on the hacker or any ransom demand, leaving patients with many unanswered questions.
Conclusion and Next Steps
The ransomware attack on Manage My Health has highlighted the importance of cybersecurity and data protection in the healthcare sector. Patients have a right to expect that their personal health information will be protected, and companies have a responsibility to ensure that this information is secure. The breach has caused significant distress and anxiety for patients, and it is essential that Manage My Health takes steps to prevent similar incidents in the future. Patients who have been affected by the breach should take steps to secure their accounts, including changing passwords and enabling multi-factor authentication. They should also consider contacting the Office of the Privacy Commissioner to report their concerns and seek advice on how to protect their personal health information. Ultimately, the breach serves as a reminder of the importance of transparency, accountability, and robust cybersecurity measures in protecting patient data.