The deadline set by hackers to release patient data belonging to about 120,000 New Zealanders has arrived, prompting calls for swift action from Greens Health spokesperson Huhana Lyndon.
“With this being the biggest cyber breach in New Zealand, following on from the Compass PHO breach and the Waikato DHB breach, this is massive. 120,000 New Zealanders have lost their patient information somewhere in the dark web. With all of this uncertainty swirling around, it’s hugely unsettling,” she said.
The breach was first reported in late December when ManageMyHealth detected unauthorised attempts to access user accounts. The company says its main system was not compromised, but users were urged to reset passwords as a precaution.
The online portal is widely used by New Zealanders to access test results, prescriptions and messages from their GP.
Arotake te haere ake nei
Health Minister Simeon Brown has commissioned the Ministry of Health to review the response to the cyber security breach involving patient information.
ManageMyHealth is a privately operated patient portal used by some general practices around New Zealand. It holds medical information and allows patients to communicate with health professionals.
“I know this breach will be very concerning to the many New Zealanders who use ManageMyHealth, and we need assurances around the protection and security of people’s health data,” Mr Brown said.“Patient data is incredibly personal and whether it is held by a public agency or a private company, it must be protected to the highest of standards.”
1News reports that a High Court injunction has been granted to stop information hacked from the ManageMyHealth app being shared.
Health New Zealand has advised there has been no impact on its systems. It is working with primary care providers through General Practice New Zealand (GPNZ) to clarify the potential impact on patients and practices. General practices remain open and continue providing services.
Cybersecurity experts warn that patient data stolen in such breaches can be used for identity theft, fraud, or phishing attacks, highlighting the urgency for safeguards and transparency.
The ManageMyHealth breach follows previous incidents, including the Compass PHO breach in 2021 and the Waikato DHB breach in 2022, highlighting ongoing vulnerabilities in New Zealand’s health sector cyber defences.
