Key Takeaways:
- The deadline for a ransom demand in the massive Manage My Health data leak has arrived, with the hacker threatening to leak over 400,000 files if a ransom of $US60,000 is not paid.
- The New Zealand government has a long-standing position that ransoms should not be paid, and Manage My Health has stated that any ransom demand is a matter for the police.
- The company has been criticized for its communication with users and the public, with many calling for more transparency and action to prevent similar breaches in the future.
- The breach has affected over 120,000 users and has raised concerns about the security of health data in New Zealand.
- The government has launched an urgent review into the breach, and Manage My Health has welcomed the review and stated that it will fully cooperate.
Introduction to the Data Breach
The deadline for a ransom demand in the massive Manage My Health data leak has arrived, with the hacker, known as "Kazu", threatening to leak over 400,000 files if a ransom of $US60,000 is not paid. The breach, which is believed to have affected over 120,000 users, has raised concerns about the security of health data in New Zealand. Manage My Health, the country’s largest patient portal, has been criticized for its communication with users and the public, with many calling for more transparency and action to prevent similar breaches in the future.
Government Response to the Breach
The New Zealand government has a long-standing position that ransoms should not be paid, and Health Minister Simeon Brown has stated that the government will not be paying the ransom. Brown has also announced an urgent review into the breach, which will examine the circumstances surrounding the breach and make recommendations for improving the security of health data in New Zealand. Manage My Health has welcomed the review and stated that it will fully cooperate with the investigation.
Criticism of Manage My Health’s Communication
Manage My Health has been criticized for its communication with users and the public, with many calling for more transparency and action to prevent similar breaches in the future. The company has stated that it is working to improve its communication and has apologized for any pain and anxiety caused to health providers and patients. However, some have expressed concerns that the company’s communication has been inadequate and that more needs to be done to prevent similar breaches in the future.
Expert Opinion on the Breach
Experts have weighed in on the breach, with some calling for more action to be taken to prevent similar breaches in the future. Luke Hogan, a senior technical manager at Intellium, has stated that he does not know how Manage My Health will recover from the breach, given the severity of the breach and the lack of action taken by the company to prevent it. Antony Grasso, a former intelligence officer, has also expressed concerns about the breach, stating that he would not pay the ransom even if it was his own data that was being held hostage.
Deputy Privacy Commissioner’s Comments
Deputy Privacy Commissioner Liz MacPherson has expressed frustration with the complacency surrounding cyber security in New Zealand. MacPherson has stated that the Office of the Privacy Commissioner has seen a continuation of the "it’ll happen to somebody else, not to me" type approach, and that this complacency is contributing to the lack of action being taken to prevent breaches. MacPherson has also called for the introduction of a penalty regime to hold companies accountable for breaches, similar to those in place in Australia.
Manage My Health’s Response
Manage My Health has stated that it is working to improve its security and prevent similar breaches in the future. The company has obtained a High Court injunction preventing third parties from accessing data posted as a result of the cyber attack, and has welcomed the review launched by the Health Minister. Manage My Health has also stated that it will fully cooperate with the investigation and will work to improve its communication with users and the public.
Conclusion
The Manage My Health data breach has raised concerns about the security of health data in New Zealand and has highlighted the need for more action to be taken to prevent similar breaches in the future. The government’s urgent review into the breach is a step in the right direction, but more needs to be done to hold companies accountable for breaches and to prevent them from happening in the first place. Manage My Health’s communication with users and the public has been criticized, and the company must work to improve its transparency and action to prevent similar breaches in the future.
