The association has called on the Privacy Commissioner to reconsider his decision to not investigate the impact of cuts to Health NZ’s digital services workforce, in light of the most recent data breach.
“Last year the PSA asked the Privacy Commissioner to investigate the impact of cuts to Health NZ’s digital services workforce but he refused,” Fitzsimons said. ”We call on him to reconsider this given the Manage My Health data breach.”
Contacted by the NZ Herald, a spokesperson for the Privacy Commissioner said the commissioner has “ongoing discussions with Health New Zealand around its privacy and personal information responsibilities as part of its regular monitoring relationship” and, for that reason, no investigation has been initiated.
“While the Privacy Commissioner’s first focus is always on supporting agencies with their breach response to minimise the threat to affected individuals, we will expect ManageMyHealth, like any health agency, to be able to demonstrate to the regulator that it had appropriate safeguards in place, and where these were not sufficient, what steps will be taken to prevent such an incident happening again,” the spokesperson added.
‘A very concerning breach of patient data’ – Simeon Brown
Minister of Health Simeon Brown has called the ManageMyHealth breach “a very concerning breach of patient data”.
Brown highlighted that ManageMyHealth is a private platform used by many GP practices across New Zealand.
“ManageMyHealth is a private company responsible for protecting patient data, and it is responsible for this incident. While ManageMyHealth is a private company, it is my expectation that it provides its users, both GPs and patients, with regular and timely information, including whether and how they have been impacted and the steps ManageMyHealth is taking to address this breach,” the minister said.
A cross-agency Incident Management Team has been established to support ManageMyHealth.
Brown said he has directed officials to provide advice on what can be done to “strengthen assurance around the protection and security of heath data”.
“I expect clear options and advice to maintain public confidence,” he said.
“I have also sought advice on options for an independent review of what has occurred. In the meantime, Health New Zealand is utilising independent cyber security specialist capability to provide further assurance that the vulnerabilities that led to the breach have been addressed.”
ManageMyHealth is New Zealand’s largest patient information portal. Between 6 and 7% of the approximately 1.8 million registered users, up to 126,000 people, may have been impacted by the security breach.
The operators of the compromised patient data app confirmed today they had received “independent confirmation” from IT experts the flaws in its code have been fixed.
“We now have the complete list of people whose documents may have been accessed and expect forensic confirmation of the documents affected in the coming days,” the company said in a statement.