Patients anxious as ManageMyHealth data breach develops
We independently review everything we recommend. When you buy through our links, we may earn a commission which is paid directly to our Australia-based writers, editors, and support staff. Thank you for your support!
Brief Overview
- ManageMyHealth data breach impacts as many as 129,500 patients.
- Kazu ransomware group requests a ransom of US$60,000.
- The company has obtained a High Court injunction to safeguard against data misuse.
- The New Zealand government is conducting an inquiry into the incident.
- In Australia, penalties for data breaches can soar up to $50 million.
Overview of the ManageMyHealth Data Breach
A major data breach involving ManageMyHealth, the trans-Tasman health information portal, has sparked concerns among numerous patients regarding the potential exposure of their sensitive information. The breach, linked to the Kazu ransomware group, has resulted in the compromise of 108 gigabytes of patient data.
Details of the Ransomware Attack
The breach was identified on December 30, with Kazu allegedly having extracted a significant amount of patient data. In spite of the extensive data exposure, patients were only made aware of the situation when accessing the ManageMyHealth website or utilizing its mobile app, without receiving any direct notifications from the company.
Effect on Patients
With more than 1.85 million registered patients, ManageMyHealth has indicated that 6-7% of its users are impacted. This translates to around 111,000 to 129,500 individuals whose information could have been compromised.
Legal and Security Actions
The company has secured a High Court injunction to block third-party access to the compromised data. ManageMyHealth claims the breach has been controlled and asserts that its platform is now safe. The mobile application has been suspended, and users are cautioned against interacting with Kazu.
Investigation in Progress
Simeon Brown, New Zealand’s Health Minister, has announced an investigation into the breach to determine its causes and assess the sufficiency of the company’s data protection efforts. Despite its seriousness, New Zealand’s penalties for such breaches are relatively lower than Australia’s stringent fines.
Conclusion
The ManageMyHealth data breach highlights the urgent necessity for strong cyber security protocols, particularly within the healthcare sector. As the inquiry progresses, affected patients remain vigilant, while the company endeavors to provide assurances regarding the safety of their data.
Q: What is the scale of the data breach?
A: The breach involved 108 gigabytes of data, affecting around 111,000 to 129,500 patients.
Q: How did the breach happen?
A: It is reported that the hackers accessed the system using a legitimate user password, taking advantage of flawed access controls.
Q: What legal steps have been taken?
A: ManageMyHealth secured a High Court injunction to prevent any further access to the compromised data.
Q: What potential consequences does ManageMyHealth face?
A: In New Zealand, penalties are limited to NZ$10,000, while Australia can enforce fines up to $50 million for severe breaches.
Q: Has the situation been resolved?
A: ManageMyHealth claims the breach is contained and the platform is secure, though investigations are still ongoing.
Q: Is there a ransom being sought?
A: Yes, Kazu is requesting a ransom of US$60,000 for the compromised data.
