Forum moderator
Forum Replies Created
Viewing 4 posts - 1 through 4 (of 4 total)
-
Posts
-
Stuff: It wasn’t us: GPs push back after Manage My Health data breach blame lingers
GPs are “disappointed” that Manage My Health and Health New Zealand have taken so long to acknowledge that the recent data breach impacting patient medical records did not include files from GPs’ offices, GP Aotearoa chair Dr Buzz Burrell told Stuff.
We have received the following from the Office of the Privacy Commissioner:
Kia or Dr Burrell
I acknowledge receipt of your letter to Michael Webster, Privacy Commissioner on 7 January regarding the cyber b reach of the Manage My Health cyber breach impacting multiple GPs, PHOs, patients and other users.
We are aware that there is concern in the primary care health care sector regarding the responsibilities of GPs, PHOs and other primary care providers that use Manage My Health. The Commissioner has published a statement for these agencies that responds to the concern raised in your letter regarding the obligations of GPs to OPC and their patients. We understand that Manage My Health is nearly complete in notifying affected users, and that affected GP and PHO agencies have already been notified.
We ask your assistance in communicating this statement through any relevant channels you have. There are two statements that are relevant:
– Updated statement on Manage My Health cyber incident
Thank you for your assistance, and please let me know if you have any questions or think there would be additional information useful for those agencies.
Kia pai to rā
Susan Allen (she/her)
Kaiwhakahaere Tautukunga, Whakaū |Compliance and Enforcement Manager
Te Mana Mātāpono Matatapu | Office of the Privacy Commissioner
GPA’s letter requesting guidance from the Privacy Commissioner.
Today we sent the following letter to the Privacy Commissioner:
Dear Michael Webster,
General Practitioners Aotearoa (GPA) is an organisation representing general practitioners across New Zealand. Several of our members have contacted us with significant concerns regarding the consequences of the recent Manage My Health privacy breach.
We appreciate the statement published on your website for affected Manage My Health patients. However, general practitioners also require clear and practical guidance. On behalf of our members, GPA is seeking your advice regarding the appropriate process for informing affected patients, including expectations around written communication, mitigation steps, and compliance with privacy obligations.
Many GPs adopted Manage My Health in good faith, with the understanding that it was a secure and reliable patient portal. This was particularly because email is widely recognised as an unsafe medium for transmitting sensitive clinical information. As a result of this breach, many of our members have lost confidence in the platform and are now uncertain about how to proceed.
GPs are concerned about potential liability despite having relied on a system that was marketed and accepted as secure. There is significant confusion and distress among practitioners about the extent of their responsibilities when a privacy breach occurs within a third-party patient portal, particularly when their options for secure electronic communication are limited and alternative solutions are not readily available.
In particular, our members would value clarification on the extent of general practitioner liability in this context, whether additional patient notification is expected from practices beyond communications issued by the portal provider, and what practical steps should be taken to ensure compliance with privacy obligations. Clear, step-by-step guidance would help promote consistent, lawful, and patient-centred responses across primary care.
If possible, GPA would welcome a written guidance document or position statement that could be shared with general practices to support them in managing the current situation and similar incidents in the future.
Thank you for your consideration. We would welcome any advice or resources your office is able to provide.Yours sincerely,
Dr Buzz Burrell – Chair, General Practitioners Aotearoa
On behalf of the Board and members.
chair@gpaotearoa.co.nz
027 578 0979-
This reply was modified 5 months, 2 weeks ago by
.
-
This reply was modified 5 months, 2 weeks ago by .
A few articles covering the hack so far:
Blackveil: 108GB of Your Medical Records Stolen: What the ManageMyHealth Breach Reveals About NZ Healthcare Security
Reddit: With less than 24 hours remaining until the ManageMyHealth ransom expires, CEO Vino Ramayah is nowhere to be found, as Kazu group posts FAQ explaining their actionsRNZ
Manage My Health CEO: ‘Trust us even though we’ve dropped the ball’Stuff
Clock runs out on ransom demand in Manage My Health cyber hack
Government launch review of ManageMyHealth cyber security breach
Manage my health breach: Patient data potentially accessed, notifications to begin
Private health records surface on dark web after Manage My Health hackNZ Herald
Hacker claiming to be behind ManageMyHealth breach: ‘I do it for the money and I’m in negotiations to get it’
Frustration mounts as names drip out of those affected by ManageMyHealth data breach
Manage My Health hack could re-traumatise sexual violence, family harm victims – advocate
ManageMyHealth data breach: Health Minister Simeon Brown expects rapid patient notification
ManageMyHealth data breach: No impact on Health NZ systems
-
This reply was modified 5 months, 2 weeks ago by
Viewing 4 posts - 1 through 4 (of 4 total)
