ManageMyHealth turns off mobile app, sets up advisory board, warns against communicating with hacker

ManageMyHealth is directing people to use its website, rather than its mobile app, should they wish to change their password or check in on the portal.

The business, which found out it was hacked and was being held to ransom on December 30, said it had turned off its mobile app while it prepared to notify the 127,000-odd people affected by the breach.

“In preparation for notification of users, the ManageMyHealth mobile app has been redirected to the ManageMyHealth web application so that notification information can be consistent across platforms,” ManageMyHealth said.

“Visitors to our app will see a pop-up notification alerting them to this. This is intentional. The mobile app will be restored in time and users will be notified of this.”

It offered reassurance that the weakness in its system that had made it vulnerable to an attack had been fixed and independently checked.

ManageMyHealth is a portal that enables GP clinics to communicate with their patients.

It works in conjunction with one of the two main operating systems GP clinics use, servicing some 1.85 million Kiwis.

While GP clinics have, since Tuesday, started communicating with their patients to tell them if they’ve been affected by the breach, ManageMyHealth said it would start doing so itself within the next 24 hours, with the aim of completing this process by early next week.

“Notifications will be sent initially through email to the address that was used to register the account,” it said.

ManageMyHealth said users would be given an 0800 number they could call if they had questions.

In the meantime, it urged people to be wary of scammers who might pretend to be from ManageMyHealth.

Advisory board to be established

ManageMyHealth said it was establishing an advisory board to provide it with additional clinical and technical support in the aftermath of the attack.

It confirmed former Deputy State Services Commissioner Ross Tanner would be one of these advisory board members.

As the Herald reported on Tuesday, ManageMyHealth doesn’t have a fulsome board.

Its chief executive, Auckland-based Vino Ramayah, is effectively its sole owner and one of two directors.

Ramayah has a long history of working in medical technology.

He spent two decades at the helm of Medtech Global, which provides the operating system ManageMyHealth works in with, until it was sold in 2020 and he took control of ManageMyHealth.

On Tuesday the Herald asked both ManageMyHealth and Health New Zealand what oversight, if any, Health New Zealand or the Ministry of Health had of ManageMyHealth, including whether it had been audited.

GP clinics had been encouraged to get patients to use online portals to improve efficiency.

Neither Health New Zealand nor ManageMyHealth had responded by late this afternoon.

The portal has offices in New Zealand, Australia and India.

Health Minister Simeon Brown has directed the Ministry of Health to investigate the circumstances around the ManageMyHealth data breach.

Police advise against engaging with hacker

The person, or group, that attacked ManageMyHealth is understood to have asked for a ransom of US$60,000 ($103,700).

While ManageMyHealth has been tight-lipped as to how it is dealing with the ransom, the Herald and other media have communicated with the alleged hacker, “Kazu”.

Kazu said they had been negotiating with ManageMyHealth and launched the attack for their own financial gain.

ManageMyHealth said police advised third parties to not engage with the hacker.

“Doing so is not in the best interest of those impacted by this incident and can have unanticipated consequences,” it said.

ManageMyHealth noted an interim injunction issued by the High Court meant it was illegal for anyone to access or distribute the stolen data.

“We sincerely apologise for the pain and disruption that this incident has caused to our providers and patients as a result of this criminal activity against our systems,” it said.

Jenée Tibshraeny is the Herald’s Wellington business editor, based in the parliamentary press gallery. She specialises in government and Reserve Bank policymaking, economics and banking.

• Stay ahead with the latest market moves, corporate updates, and economic insights by subscribing to our Business newsletter – your essential weekly round-up of all the business news you need.