Key Takeaways
- A data breach has compromised the health records of approximately 127,000 people in New Zealand, with the attacker demanding a US$60,000 ransom.
- The breach occurred on the ManageMyHealth portal, which has 1.85 million users in New Zealand and is used by medical practitioners to share information with patients.
- The company has been criticized for its handling of the breach, with some victims reporting missing documents and poor communication from the company.
- The New Zealand government has distanced itself from the saga, with the Health Minister stating that ManageMyHealth is responsible for keeping the data safe.
- The Office of the Privacy Commissioner is calling for the Privacy Act to be strengthened to include civil penalties for organizations that fail to protect personal information.
Introduction to the Data Breach
The recent data breach on the ManageMyHealth portal has left many New Zealanders feeling vulnerable and concerned about the safety of their personal health information. One such individual, Jane, has come forward to share her experience with the breach, which has compromised the health records of approximately 127,000 people. Jane, who had been cautious about sharing her personal information, was shocked to discover that her health records had been affected by the breach. She had been using the ManageMyHealth portal to access her health information, but now her documents have disappeared, and she is left wondering what has happened to them.
The ManageMyHealth Portal and Its Users
The ManageMyHealth portal is a widely used platform in New Zealand, with 1.85 million users. It is used by medical practitioners to share information with their patients, including notes from appointments, test results, and prescription information. The portal works in conjunction with one of the two main operating systems used by GP clinics, making it a critical tool for healthcare providers. However, the breach has highlighted the vulnerability of the portal and the need for improved security measures to protect sensitive health information.
The Response to the Breach
ManageMyHealth became aware of the breach on December 30 and has been issuing daily updates. However, the company has been criticized for its handling of the breach, with some victims reporting missing documents and poor communication. Jane, for example, was incensed by the company’s communications being headed "private and confidential," given the circumstances. She has also reported that the 0800 number provided by the company has been clogged and not connecting to an operator. The company’s governance structure has also been called into question, with only two directors, one of whom is the chief executive and sole owner.
Government Response and Accountability
The New Zealand government has distanced itself from the saga, with Health Minister Simeon Brown stating that ManageMyHealth is responsible for keeping the data safe. The Minister has directed the Ministry of Health to conduct a review in the wake of the breach. The Office of the Privacy Commissioner has called for the Privacy Act to be strengthened to include civil penalties for organizations that fail to protect personal information. Health New Zealand, which issues providers with detailed IT guidelines, has not responded to questions about its oversight of companies like ManageMyHealth.
The Need for Improved Security Measures
The breach has highlighted the need for improved security measures to protect sensitive health information. ManageMyHealth has established an advisory board to provide support in the wake of the attack, but more needs to be done to ensure that such breaches do not happen in the future. The company must take accountability for the breach and work to regain the trust of its users. The government must also take a more proactive approach to ensuring that companies handling sensitive health information have adequate security measures in place.
Conclusion
The data breach on the ManageMyHealth portal is a serious concern for New Zealanders, and it highlights the need for improved security measures to protect sensitive health information. The company’s handling of the breach has been criticized, and the government must take a more proactive approach to ensuring that companies handling sensitive health information have adequate security measures in place. As Jane’s experience shows, the breach has caused significant distress and concern for those affected, and it is essential that steps are taken to prevent such breaches from happening in the future.