Health records from the Manage My Health platform have been compromised in a recent ransomware attack, impacting numerous patients who are now left in the dark about the status of their information. The platform’s website has repeatedly crashed, and its helpline is experiencing an overload of inquiries, leading to significant frustration among users seeking clarity on their accounts.
Affected individuals, like Andrea from Wellington, reported receiving notices indicating their information had been compromised, directing them to log into the Manage My Health website for further updates. However, many found themselves unable to access their accounts due to persistent unavailability. Andrea’s attempts to reach the helpline resulted in extended wait times, ultimately leading to a disconnection. Similar reports emerged from others, including Nel, who received mixed messages about whether or not her data was affected, further eroding trust in Manage My Health’s ability to manage the crisis.
These individuals voiced their concerns regarding the robustness of the company’s security protocols. Lou expressed anger not only toward the attackers but also directed at Manage My Health for what they deemed “criminal negligence.” They noted that sensitive health records, detailing personal vulnerabilities, could now be exploited for scams or identity theft. Questions about the company’s lack of requisite safeguards are becoming increasingly urgent in light of the data breach.
Moreover, users based overseas encountered additional barriers when attempting to secure their accounts. One New Zealander reported that her access had been blocked for “security reasons,” despite having legitimate concerns about her data’s vulnerability. The irony is not lost: heightened security measures rendered her unable to follow the recommended steps to protect her information, resulting in significant frustration and an unintended breach of her privacy.
Another individual highlighted a peculiar incident where they received a blank email ostensibly informing them about the breach. This added to the uncertainty surrounding whether their data was compromised. Meanwhile, Gemma experienced similar issues reaching the helpline and was confronted with an overloaded response system. Patients have been urged to file complaints with the Office of the Privacy Commissioner, though the process requires individuals to complain to Manage My Health first.
In the sphere of cybersecurity, the tactics and techniques involved in this breach align with those outlined in the MITRE ATT&CK framework. Possible adversary tactics could include initial access employing phishing or exploiting vulnerabilities to breach the system, followed by persistence to maintain access over time. The significance of data integrity and confidentiality has never been more pressing, especially given the sensitive nature of health information.
Manage My Health has issued an apology for the breach, stating it aims to reach all affected individuals by early next week. As the situation unfolds, concerns regarding data security and patient privacy continue to dominate discussions among users, highlighting the urgent need for robust cybersecurity measures in handling personal health information.
Names have been changed to protect privacy.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
