Manage My Health data incident - information update

There has been a lot of news on the Manage My Health (MMH) Cyber Security breach that occurred at the end of last year.  While our group and practices have not been impacted directly, we are aware that communication on what happened has not been very easy to understand. As such, this has raised many questions about the safety of patient portals in general.

Below is a  summary to help provide clarity on the breach and what it means for patients.

  • The MMH breach was confined to a specific section of the portal known as “My Health Documents.” This section is used by individuals to upload documents, and Northland Hospital used this same area to store hospital discharge summaries. The breach was limited to this section of MMH.

  • By contrast, any content uploaded by GPs – including prescriptions, test results, direct messages to clinics, and appointment information – was stored in a separate section of the MMH portal called “Health Records.” As a result, GP-uploaded content was not affected by the breach and remains secure.

  • MMH are still in the process of checking all the individual documents impacted and have advised that the final numbers are likely to be less than originally estimated.

  • As a result of the technical nature of the breach and to minimise confusion, MMH requested that  all GP clinics do  not contact anyone, and leave it to them to reach out to those affected.

  • Independent cybersecurity specialists have verified the current MMH system is secure.

  • If you have been impacted, MMH will contact you to advise next steps.

Naturally this leads to the question  – are the other portals safe?

Most portals are built with security at the forefront, and requires  everyone using them to help keep them safe by accessing them with a private internet connection, using 2FA (2 Factor Authentication) and a strong password.

  • Private internet means not using public Wi-Fi without a VPN (Virtual Private Network) which creates a secure and encrypted ‘tunnel’ for your internet traffic.

  • 2FA adds an extra security step to confirm your identity when you login. For example, the website will ask for a code from an authenticator app on your phone.

  • A strong password is a random string of mixed-case letters, numbers and symbols. For example, hFskj*g65LPcmz

If you have any specific questions, please refer to the MMH FAQ page.