A recent data breach at ManageMyHealth, New Zealand’s largest patient information portal, has exposed the personal medical records of potentially up to 126,000 individuals. The incident, impacting between 6 and 7% of the platform’s 1.8 million registered users, has prompted concern from both health officials and privacy advocates.
Concerns Raised Over Data Security
Health Minister Simeon Brown described the breach as “a very concerning breach of patient data,” emphasizing that ManageMyHealth, as a private company, bears the responsibility for protecting sensitive information. Brown stated his expectation that the company will keep both GPs and patients informed about the impact of the breach and the steps being taken to address it. A cross-agency Incident Management Team has been established to support ManageMyHealth.
The company has confirmed that the security flaws in its code have been fixed following independent verification from IT experts. They now possess a complete list of potentially affected individuals and anticipate confirming which specific documents were accessed in the coming days.
Calls for Investigation
The Public Service Association (PSA) is urging the Privacy Commissioner to reconsider a previous decision not to investigate the impact of staffing cuts at Health New Zealand’s digital services division. The PSA argues that these cuts may have contributed to the vulnerability that allowed the breach to occur. While the Privacy Commissioner currently maintains “ongoing discussions” with Health New Zealand regarding privacy responsibilities, they expect ManageMyHealth to demonstrate adequate safeguards were in place.
Minister Brown has directed officials to explore ways to strengthen data security assurances and is considering an independent review of the incident. Health New Zealand is currently utilizing independent cybersecurity specialists to verify that the vulnerabilities have been fully addressed.
Frequently Asked Questions
What is ManageMyHealth?
ManageMyHealth is New Zealand’s largest patient information portal, used by many GP practices across the country.
How many people may be affected?
Between 6 and 7% of ManageMyHealth’s approximately 1.8 million registered users – up to 126,000 people – may have been impacted by the data breach.
What is being done to address the breach?
ManageMyHealth has confirmed that security flaws have been fixed, and a list of potentially affected individuals has been compiled. Health New Zealand is also utilizing cybersecurity specialists to ensure vulnerabilities are resolved.
As investigations continue and forensic analysis is completed, what further measures will be necessary to restore public trust in the security of sensitive health data?
