Manage My Health to Notify Patients After Data Breach

The healthcare sector in New Zealand is facing significant challenges following a ransomware attack on Manage My Health (MMH), which has compromised hundreds of thousands of sensitive patient records. In an update issued on Wednesday at 17:00, MMH announced it would begin notifying affected patients within the next 24 hours and aims to complete this process by early next week. Notifications will be sent via email to the addresses registered with the accounts and will include an 0800 number for support.

The company is collaborating closely with Health New Zealand, the Office of the Privacy Commissioner, General Practice NZ, and various GP practices to ensure that patients receive clear and consistent information without confusion from multiple notifications regarding the same incident. Despite these efforts, some patients have reported receiving direct communications from their healthcare providers confirming the theft of their documents.

One patient from Wairarapa expressed frustration over the lack of due diligence by her clinic. She had been assured that her records would be “archived and deleted” when she switched providers a year ago. To her surprise, she found her information still available on the MMH app during a visit to her clinic. She subsequently contacted the practice manager, emphasizing that it was also the clinic’s responsibility to inform patients about potential risks.

While MMH’s chief executive, Vino Ramayah, stated that consent is required from patients before their historical data can be deleted, many patients remain concerned about the implications of the breach. Ramayah noted that a significant portion of their users do not belong to a specific doctor, meaning patients can choose to keep using MMH or close their accounts, which would lead to data deletion.

Mixed Communication from Healthcare Providers

In the wake of the cybersecurity breach, communication from various clinics has varied significantly. An Auckland GP practice network informed patients that MMH would manage notifications for those impacted. Nonetheless, some patients reported receiving conflicting information, with staff members assuring them that their records had been removed from MMH. Other clinics have advised patients accurately about the historical documents that could still affect those who no longer use the portal, directing them to MMH for updates.

For instance, Te Kauwhata Health Centre in Waikato informed patients that it was consulting with its IT security provider to ensure systems remained secure. The center also confirmed that MMH would be responsible for notifying affected individuals directly. Meanwhile, some clinics, like Tuki Tuki Medical in Waipukurau, indicated that they had received confirmation that none of their files had been impacted due to limited use of MMH modules.

The situation has left many patients feeling anxious. One Wellington resident, who requested anonymity, disclosed that a healthcare provider confirmed at least one of his documents was among those stolen. He expressed distress about the implications of sensitive information falling into the wrong hands, fearing for his safety.

Another patient expressed disappointment over the lack of communication from her practice, stating that she only learned about the breach through social media. This sentiment of frustration is echoed by many, as patients are left waiting for clarity while their personal information remains vulnerable.

Patient Concerns and Future Implications

As the fallout from the MMH breach continues, patients are increasingly worried about the potential for identity fraud and financial scams. One resident from South Wairarapa highlighted the vulnerability of local communities, emphasizing concerns for elderly residents who may not be aware of the risks.

In the wake of the attack, patients are advised to remain vigilant against scams, changing passwords and enabling two-factor authentication where possible. Clinics are also urging individuals not to share passwords or verification codes to protect their personal information.

The situation raises broader concerns about the management of sensitive data within the healthcare sector. As New Zealand moves towards more centralized medical storage solutions, trust in the system is being challenged. For many patients, the need for secure and reliable management of their health data has never been more critical. The actions taken by MMH and healthcare providers in the coming weeks will be closely scrutinized as patients seek reassurance and accountability in the wake of this serious breach.