Manage My Health Security Breach: Expert Warns of Lax System

“This is the same pattern. ​They should have ‌invested.​ They’ve had two years and these⁤ are the exact same areas that ‍have caused them ⁣the issue.”

The company did not respond ‍to him, he said.

Manage My⁢ Health has said‌ it ⁤is indeed required to ‍hold on to patients’ data – even ​if their GP switches⁣ provider – unless patients deregister themselves.

However, ⁢Chopra believes Manage My Health could have another reason‌ for holding on to patient records.

Its own website proudly ⁢notes ⁢its database of ‌”1.8 million Kiwis” and ⁢its ability to get its customers’ message to them “when they’re ⁤thinking about their health”.

“If this company did not have any commercial gains ⁢to make out of ‌this ⁢data, then they would⁢ not be ⁢paying the extra‍ storage‌ costs for this data,” Chopra​ said.

Terms and conditions gave company an ‘out’

A Wellington IT ⁤worker caught up in the manage My ⁤Health data breach – whom RNZ has agreed not to name⁢ – also questioned the lack of‍ regulatory checks and balances.

“Health services that have this‍ information⁤ and these functions should be subject to the same scrutiny and compliance requirements ⁤and auditing⁤ as financial institutions.”If your banking app is down,⁢ it’s a huge deal ⁣and it gets lots of scrutiny.”

However, Manage ⁢My ​Health’s users could⁤ not say they were⁣ not warned,⁤ she said.

“The irony is ​that ‌I actually read their terms and conditions,‍ and they⁤ haven’t breached them as their entire terms of usage is they can’t​ guarantee their system is any ‍good or that‌ they’ll fix it, even if it’s foreseeable and they know about it.

“It’s essentially,⁣ ‘we can’t guarantee our product doesn’t suck, but here, ​give it a go’.”

Digital specialist Callum‍ mcmenamin (who also alerted manage My ​Health to its security vulnerabilities ⁣six months ago) ‍said the 300-page ⁣Health Information ⁢Security Framework contained many good‍ things⁤ – but⁣ entirely relied on “hand-wavy” self-regulation.

“It’s all just a high-trust system where the Government sets the standards but then ⁢closes its eyes and doesn’t⁤ check if the standards are actually⁤ being met.”

Industry ‌has opposed regulation – commentator

According⁢ to political analyst Bryce⁤ Edwards from The Democracy Project, the lack of regulatory ‍oversight was “not an accident”.

The‌ Digital Health Association – ​the industry body for health software vendors ⁢- had lobbied against what it called “overly burdensome privacy laws and regulation”, h

Here’s‍ a breakdown of the key points from the provided text, ‌presented as factual​ statements without reusing the source’s language or structure:

* ⁣The Digital Health Association advocated against​ the therapeutic Products Act, which proposed regulating health software and ‌imposing ⁣penalties for non-compliance.
* A ⁣concern raised ⁢was that the proposed ​Act lacked clarity and could create ⁣overly broad​ definitions.
* The Digital Health Association stated its support⁤ for⁣ regulation aimed at ensuring patient safety and effective​ digital health service ‌delivery.
* The association believes that simply increasing ‍penalties isn’t sufficient for data protection; ongoing investment in security is also crucial.
* ⁢‌ Health NZ ⁣holds Manage My‌ Health accountable for data security.
* ‌ Health NZ has published a Health Information ‍Security Framework (HISF) to guide the‍ health⁤ sector on secure information management.
* Health NZ is ⁣exploring the possibility of‌ requiring ‌autonomous cybersecurity audits for third-party providers,including patient portals,in‌ the future.