Key Takeaways
- Manage My Health, a health data platform, has been hacked, resulting in a significant data breach.
- The company has apologized for the breach and promised to publish daily updates on the situation.
- The Health Minister has launched an urgent review into the breach, citing concerns about the company’s communication and cyber security practices.
- Experts are warning against paying the ransom, citing the risk of dealing with criminals and the potential for the data to be released anyway.
- The Deputy Privacy Commissioner has expressed frustration at the complacency around cyber security, highlighting the need for stronger penalties and a more proactive approach to protecting sensitive data.
Introduction to the Data Breach
The Manage My Health data breach has sent shockwaves through the healthcare industry, with the company apologizing for the pain and anxiety caused to health providers and patients. The breach, which occurred ahead of the deadline for a ransom demand, has raised concerns about the company’s cyber security practices and its ability to protect sensitive data. The company has stated that it will not be commenting on the ransom demand, citing an ongoing investigation, and has instead focused on securing patient data and working on the accuracy of all information before providing it to practices and patients.
Government Response to the Breach
Health Minister Simeon Brown has announced an urgent review into the breach, citing concerns about the company’s communication and cyber security practices. Brown has expressed disappointment at the company’s handling of the situation, describing the data disappearing as "pretty unacceptable". The Minister has also spoken to the CEO of Manage My Health, emphasizing the need for clear and transparent communication with the public and users. The review is expected to examine the company’s cyber security practices and its response to the breach, with a view to identifying areas for improvement and preventing similar breaches in the future.
Expert Opinion on the Breach
Luke Hogan, a senior technical manager at Intellium, has expressed skepticism about Manage My Health’s ability to recover from the breach. Hogan has highlighted the importance of basic cyber security measures, noting that health data is among the most critical data that needs to be protected. Antony Grasso, a former intelligence officer, has also weighed in on the breach, advising against paying the ransom and citing the risk of dealing with criminals. Grasso has expressed disappointment at the company’s response to the breach, noting that he had not seen Manage My Health take many tangible actions to address the situation.
Deputy Privacy Commissioner’s Response
Deputy Privacy Commissioner Liz MacPherson has expressed frustration at the complacency around cyber security, highlighting the need for stronger penalties and a more proactive approach to protecting sensitive data. MacPherson has noted that issues had surfaced in the past, but had not been adequately addressed, and has called for a more robust approach to cyber security. The Commissioner has also highlighted the need for a penalty regime, citing the example of Australia, where fines for major breaches can reach up to $50 million.
Manage My Health’s Response
Manage My Health has apologized for the breach and promised to publish daily updates on the situation. The company has welcomed the review launched by the Health Minister and has pledged to fully cooperate. Manage My Health has also obtained a High Court injunction preventing third parties from accessing data posted as a result of the cyber attack, and has stated that its international team is monitoring known data leak websites and is prepared to issue takedown notices immediately if any stolen information is posted. Despite these efforts, the company still faces an uphill battle to regain the trust of its users and the public, and will need to demonstrate a commitment to robust cyber security practices and transparent communication to restore confidence in its platform.
