A cyber security breach at ManageMyHealth, New zealand’s largest patient information portal, has been “contained,” but a critical question hangs in the air: have patient health records been compromised? The incident, confirmed on Wednesday, has sparked concern from both the government adn family doctors.
What exactly happened? ManageMyHealth detected “unauthorised access” to its platform. While the company asserts the breach is contained, the full extent of the data affected remains unclear.
- Approximately 1.8 million Kiwis have used ManageMyHealth.
- A cybercrime group, Kazu, claims to have stolen 108 gigabytes of data, totaling over 400,000 files.
- A ransom demand of $60,000 has been issued, with a deadline of January 15.
- Family doctors are frustrated by the lack of interaction from ManageMyHealth.
Duty minister Karen Chhour described the breach as “incredibly concerning” for patients, stating the minister of health has requested “urgent assurances” from ManageMyHealth regarding the security of patient data.
Cybersecurity expert Dave Ayers initially indicated ManageMyHealth was using outdated encryption,suggesting a possibly large-scale breach. (Note: Claims about the app’s encryption protocols were later removed following feedback from other security experts.) Ayers estimated the breach, at 108 gigabytes, could be larger than the 2020 Waikato DHB data breach, which affected just over 4,000 people.
The cybercrime group Kazu claims responsibility, alleging the compromise of approximately 108 gigabytes of information, encompassing over 400,000 files, and has demanded a $60,000 ransom by January 15. Ayers cautioned that the ransom threat should be taken seriously, drawing parallels to the Waikato DHB incident.
GPs Voice Concerns Over Communication
The lack of timely information has left many general practitioners frustrated. Dr. Luke Bradford, president of the College of GPs, learned of the potential breach through media reports. “It’s terribly disappointing. They’re an absolutely key tool that we use for patients. It allows patients to access their records and better manage their health, literally,” he said. “But if their data’s not safe, then their very personal information is not safe, and that’s really concerning.”
Dr Luke Bradford.
Photo: supplied
Dr. Bradford highlighted the “terrible timing,” noting that many practices were closed for four days, leaving them without formal communication regarding the breach and necessary steps to take.
Dr. Bryan Betty, chair of General Practice NZ, echoed thes concerns, emphasizing the importance of patient health data and the need for “free and open clarity” from ManageMyHealth to both patients and practices.
