Key Takeaways:
- A ransomware attack on ManageMyHealth has put thousands of patients at risk of identity theft or extortion
- The hackers, known as "Kazu", are demanding a ransom of $60,000 and have threatened to release over 400,000 patient documents if their demands are not met
- Cyber security experts warn that the data breach could lead to blackmail, scams, and financial crimes
- ManageMyHealth has been criticized for its slow response to the attack and lack of transparency about the extent of the breach
- The attack highlights the importance of robust cyber security measures and regular independent security audits for businesses handling sensitive health information
Introduction to the Ransomware Attack
The recent ransomware attack on ManageMyHealth, a popular health portal in New Zealand, has sent shockwaves throughout the country. The hackers, who go by the name "Kazu", have posted a screenshot of the ransom demand on a popular hacking forum, stating that they will release over 400,000 patient documents unless the company pays a ransom of $60,000 within 48 hours. This attack has put thousands of patients at risk of identity theft or extortion, and cyber security experts are warning that the consequences could be severe.
The Hackers’ Demands and Motivations
The hackers, who claim to be motivated by financial gain, have stated that they are "not a hacktivist group with political motives" but rather a business looking to make a profit. They have successfully extracted ransom money from several healthcare companies in Asia and Africa over the past two months and are looking to add ManageMyHealth to their list of victims. The hackers have also released samples of the data they have obtained, including clinical notes, lab results, vaccination records, medical photographs, and personal identification details. This data is highly sensitive and could be used for malicious purposes, such as blackmail or identity theft.
The Risks to Patients
The patients affected by the breach are at risk of identity theft, blackmail, and extortion. IT consultant and Christchurch City councillor Cody Cooper, who is signed up to ManageMyHealth through his GP, was horrified by what he found when he verified the claims. "There’s people’s passports, there’s people’s ADHD documents from a psychiatrist, there’s pictures of people unclothed. It’s very personal data. And my concern as a patient would be, will someone blackmail people? Or try to extort them personally as well, if they don’t pay up?" Cooper also questioned why ManageMyHealth took so long to respond to the breach and why the company was taking so long to inform affected clinics and patients.
The Company’s Response
ManageMyHealth has been criticized for its slow response to the attack and lack of transparency about the extent of the breach. The company’s website notice appeared on the afternoon of December 31, but the site wasn’t taken offline until that evening. Furthermore, the company has not provided clear confirmation about what was accessed or copied, which is worrying for patients and cyber security experts. Data journalist Keith Ng said that the company’s public statements appeared to be trying to minimize the scale of the problem by stating that only 7 percent of users were affected. However, Ng pointed out that 7 percent of 1.8 million is still a significant number, and the type of data involved makes it particularly sensitive and damaging for those affected.
The Importance of Cyber Security
The ManageMyHealth breach highlights the importance of robust cyber security measures and regular independent security audits for businesses handling sensitive health information. Aura Information Security’s Patrick Sharp said that medical records are hugely valuable to criminals and that the Medibank ransomware attack in Australia in 2022 resulted in many thousands of real financial crimes. Sharp warned that the 126,000 or so people affected by the ManageMyHealth breach may suffer at the hands of criminal gangs, including scams, blackmail, and other types of financial crimes. Ng also emphasized the need for businesses to take cyber security seriously, stating that a business that sets itself up as a health information management system has a lot of incentive to do things right because when they fail, really catastrophic things like this happen, and it is an existential risk for them.
Conclusion
The ManageMyHealth ransomware attack is a wake-up call for businesses handling sensitive health information to take cyber security seriously. The attack has put thousands of patients at risk of identity theft or extortion, and the consequences could be severe. The hackers’ demands and motivations highlight the importance of robust cyber security measures and regular independent security audits. The company’s response to the attack has been criticized, and it is essential that they take immediate action to inform affected clinics and patients and provide clear confirmation about what was accessed or copied. Ultimately, the ManageMyHealth breach is a reminder that cyber security is a critical aspect of any business, and it is essential to prioritize it to protect sensitive information and prevent catastrophic consequences.

