Key Takeaways
- A cyber breach at ManageMyHealth, a health management platform, has put patients’ sensitive information at risk of identity theft and bank account theft.
- The attacker allegedly demanded a $104,000 ransom to avoid distributing the stolen data.
- Over half of the affected patients have been notified via email, with the notification process still ongoing.
- Patients are advised to change their passwords, enable multi-factor authentication, and be cautious of phishing emails or suspicious messages.
- The breach has raised concerns about the security of health information and the potential consequences for affected individuals.
Introduction to the Data Breach
A recent cyber breach at ManageMyHealth, a health management platform, has compromised the sensitive information of its patients, leaving them vulnerable to identity theft and bank account theft. According to RNZ, the breach could have severe consequences for the affected individuals, with the attacker allegedly demanding a $104,000 ransom to avoid distributing the stolen data. The breach has sparked concerns about the security of health information and the measures in place to protect it.
Patient Concerns and Notifications
One patient, McKenzie-Muirson, who has been a patient at Te Manu Toroa’s Tauranga Moana City Clinic for 20 years, received an email from ManageMyHealth on January 8 informing her that she was affected by the breach. The email apologized for the incident and recommended that she change her password, enable multi-factor authentication, and be alert for any unusual account activity. McKenzie-Muirson expressed concerns about identity theft and the potential release of her health information, stating that she didn’t think people were taking the breach seriously enough. She had also visited her bank, where staff put a warning on her account to prevent any potential fraudulent activity.
Response from Te Manu Toroa and ManageMyHealth
Te Manu Toroa chief executive Pat Cook stated that the organization took the privacy and security of patient information seriously and was monitoring ManageMyHealth updates. Cook advised patients to be cautious of phishing emails or suspicious messages asking for personal information. ManageMyHealth also released a statement on January 13, stating that the company and forensic cybersecurity experts were continuing to investigate the incident. The statement confirmed that a group of patients who were previously notified as potentially affected were not affected by the breach, and those patients would see a green box at the top of their web application indicating "no impact".
Investigation and Updates
The investigation into the breach is ongoing, with ManageMyHealth posting regular updates on its website. The company has notified over half of the affected patients via email, with the process of contacting the remaining patients expected to take some time due to the complexities of securely coordinating communications with relevant authorities and data controllers. Health New Zealand Te Whatu Ora was unable to provide specific numbers of people affected for the Bay of Plenty and Lakes regions. ManageMyHealth was also asked to provide a list of Bay of Plenty and Rotorua GP practices where patients had been affected by the breach.
Managing Identity Theft
The New Zealand Government website recommends using the Department of Internal Affairs’ online checklist if you suspect or know that someone is fraudulently using your identity. The checklist includes five scenarios for why someone might think they may be a victim of identity theft, including having documents lost or stolen. It advises contacting the organization your identity information was connected with, such as the Department of Internal Affairs for a stolen passport, or your bank for compromised bank accounts or credit cards. Additionally, it recommends contacting the NZ Police using their non-emergency contact options if you have evidence that your identity has been stolen, have had your wallet or credit card stolen, or suspect a scam.
Conclusion
The cyber breach at ManageMyHealth has highlighted the importance of protecting sensitive health information and the potential consequences of a data breach. Patients are advised to remain vigilant and take steps to protect themselves from identity theft and bank account theft. The incident has also raised questions about the security measures in place to protect health information and the need for organizations to prioritize the security of sensitive data. As the investigation continues, it is essential for patients to stay informed and take proactive steps to protect their personal information.