Key Takeaways:
- A group of hackers, known as ‘Kazu’, have stolen over 400,000 files from the online health portal Manage My Health and are demanding a $US60,000 ransom.
- The deadline for the ransom has passed, but the hackers have not yet leaked any further data.
- Over 120,000 patients are affected by the breach, but it is unclear who has been impacted and what information has been taken.
- The General Practice Owners’ Association is calling for Manage My Health to inform patients and GPs about the breach and provide updates on the situation.
- An urgent review into the breach has been announced by the Health Minister.
Introduction to the Hack
The online health portal Manage My Health has been hacked by a group of hackers known as ‘Kazu’, who have stolen over 400,000 files and are demanding a $US60,000 ransom. The hackers posted on Sunday morning that unless the company paid the ransom within 48 hours, they would leak the stolen files. The deadline for the ransom has now passed, but the hackers have not yet leaked any further data. This has left patients and GPs anxious to know whether they have been affected by the breach and what information has been taken.
Impact on Patients and GPs
The breach has caused significant anxiety among patients, who are worried that their privacy has been breached. The General Practice Owners’ Association chairperson, Angus Chambers, has stated that many patients are concerned about the potential breach of their privacy and are seeking information from their GPs. However, GPs do not have access to information about who has been affected or what information has been taken, making it difficult for them to provide reassurance to their patients. Chambers has called for Manage My Health to take responsibility for informing patients and GPs about the breach, stating that it is their job to do so.
Response from Manage My Health
Manage My Health has apologized for the pain and anxiety caused to health providers and patients, and has acknowledged that it could have communicated better about the breach. The company has stated that its priority was to secure patient data and work on the accuracy of all information before providing it to practices and patients. Manage My Health has also announced that it will publish daily updates with all the information it can share about the breach. However, the company has refused to comment on the ransom demand, stating that it is a matter for the police.
Cyber Security Concerns
The breach has highlighted the importance of cyber security in the healthcare sector. Chambers has stated that practices must be prudent about cyber security and protecting their patients’ data, but it is not as simple as switching platforms. Many practices have Manage My Health closely connected with their practice management software, making it a complex and time-consuming process to change. This has raised concerns about the vulnerability of healthcare systems to cyber attacks and the need for more robust security measures to be put in place.
Government Response
The Health Minister, Simeon Brown, has announced an urgent review into the breach. The review will examine the circumstances surrounding the breach and identify measures that can be taken to prevent similar breaches in the future. The review is a welcome step, but it is unclear what actions will be taken to address the immediate concerns of patients and GPs who have been affected by the breach. The government will need to work closely with Manage My Health and the healthcare sector to ensure that patient data is protected and that those affected by the breach are informed and supported.
Conclusion
The hack of Manage My Health has highlighted the importance of cyber security in the healthcare sector and the need for robust measures to be put in place to protect patient data. The breach has caused significant anxiety among patients and GPs, and it is essential that Manage My Health takes responsibility for informing those affected and providing updates on the situation. The government’s urgent review into the breach is a welcome step, but it is crucial that actions are taken to address the immediate concerns of those affected and to prevent similar breaches in the future.
