Key Takeaways:
- A cyber security breach has occurred at ManageMyHealth, a patient information portal, with unauthorized access to the platform
- The breach has been "contained" according to the company, but the extent of the breach and whether patient health records have been compromised is still unknown
- The government is seeking assurances that patient data and privacy are being protected, and expects transparent communication from ManageMyHealth
- Cyber security experts have raised concerns about the potential severity of the breach, with one expert stating that it could be catastrophic on a New Zealand scale
- GPs and patients are still waiting to hear if their health records have been compromised, with many expressing frustration at the lack of information and communication from ManageMyHealth
Introduction to the Breach
A cyber security breach at ManageMyHealth, a patient information portal, has been "contained" according to the company. However, GPs and patients are still waiting to hear if their health records have been compromised. The government is also seeking assurances that patient data and privacy are being protected, with duty minister Karen Chhour stating that the breach was "incredibly concerning" for patients. The minister of health has asked for urgent assurances from Health NZ and ManageMyHealth that everything is being done to protect patient data and patient privacy.
Company Response
The chief executive of ManageMyHealth, Vino Ramayah, has stated that the incident had been contained and was currently under investigation. He assured users, customers, and stakeholders that the protection of their health information was being taken extremely seriously. Ramayah also stated that the company was working closely with the relevant authorities and independent cybersecurity specialists to investigate the breach. However, he noted that any information provided would need to be accurate and verified, and that updates would be shared as information becomes available.
Government and Health NZ Response
A Health New Zealand spokesperson told RNZ that it was working closely with the app’s operators to understand any impacts. However, the spokesperson referred any updates to ManageMyHealth, stating that the incident was directly impacting the company. The government is seeking assurances that patient data and privacy are being protected, and expects transparent communication from ManageMyHealth. The minister of health has asked for urgent assurances that everything is being done to protect patient data and patient privacy.
Expert Analysis
Cyber security expert Daniel Ayers has raised concerns about the potential severity of the breach, stating that ManageMyHealth was using an outdated encryption protocol. He noted that the breach could be catastrophic on a New Zealand scale, with over 400,000 files potentially compromised. Ayers also stated that the claim of a ransomware attack should be taken seriously, with a cyber crime group demanding a ransom of $60,000. However, it is worth noting that other security experts have disputed Ayers’ claims about the app’s encryption protocols.
GP and Patient Concerns
GPs and patients are still waiting to hear if their health records have been compromised, with many expressing frustration at the lack of information and communication from ManageMyHealth. The president of the College of GPs, Dr Luke Bradford, stated that he only learned about the potential breach through the media, and that it was "terribly disappointing". Dr Bradford noted that ManageMyHealth was a key tool for patients, allowing them to access their records and better manage their health. However, he stated that if patient data was not safe, then their very personal information was not safe, and that was really concerning.
Call for Transparency
General Practice NZ chair Dr Bryan Betty agreed that the situation was extremely worrying, and that health data in terms of patients was incredibly important. He stated that any breach like this had to be taken extremely seriously and had to be actioned as a matter of urgency. Dr Betty noted that there should be free and open transparency about the situation and what’s actually happened, both for patients and practices that use the ManageMyHealth portal. He expected that to be part of ManageMyHealth’s management of the present situation.
Conclusion
In conclusion, the cyber security breach at ManageMyHealth has raised serious concerns about the protection of patient data and privacy. While the company has stated that the breach has been contained, the extent of the breach and whether patient health records have been compromised is still unknown. The government and health experts are seeking assurances that patient data and privacy are being protected, and expect transparent communication from ManageMyHealth. GPs and patients are still waiting to hear if their health records have been compromised, and are expressing frustration at the lack of information and communication from the company. It is essential that ManageMyHealth provides timely and transparent updates to address the concerns of all stakeholders involved.
