ManageMyHealth, a prominent health portal, has officially revealed the extent of a data breach that occurred in late December. The company confirmed that approximately 6 to 7 percent of its 1.8 million registered users were impacted by the security incident. This translates to between 108,000 and 126,000 individuals whose personal information may have been compromised.

Scope of the ManageMyHealth Breach

The breach targeted specific user data, as confirmed by ManageMyHealth. The information accessed includes various personal identifiers crucial to an individual’s profile on the platform. Importantly, the company clarified that no financial information, such as bank accounts or credit card details, was compromised during the incident. ManageMyHealth emphasized that this was not a hack of the entire system, but rather a targeted breach affecting a subset of its user base.

What Information Was Compromised?

ManageMyHealth detailed the specific categories of data that were accessed by unauthorized parties:

• Names
• Addresses
• Dates of birth
• National Health Index (NHI) numbers
• Limited information pertaining to general practice affiliations
• Data regarding prescribed medications

While direct medical records beyond prescribed medications were not involved, the combination of personal details and health-related information necessitates vigilance from affected users. The potential for this data to be used in identity-related fraudulent activities is a significant concern.

ManageMyHealth’s Immediate Response

Upon discovering the breach in late December, ManageMyHealth took immediate action to mitigate the situation. The company secured its systems to prevent further unauthorized access, a vulnerability that was quickly identified and rectified. ManageMyHealth also engaged specialized cybersecurity experts to conduct a thorough investigation into the incident, ensuring a comprehensive understanding of how the breach occurred and its full impact.

Furthermore, ManageMyHealth has actively cooperated with relevant authorities. The company confirmed it has been working with CERT NZ, the national computer emergency response team, and has notified the privacy commissioner about the incident. Affected users have also been directly informed via email about the breach and advised on necessary protective measures.

Recommendations for Affected Users

In light of the compromised data, ManageMyHealth and cybersecurity experts recommend that affected users take several precautionary steps to safeguard their personal information:

• **Monitor for Suspicious Activity:** Users should remain highly vigilant for any unusual or unsolicited communications, particularly those attempting to solicit further personal details or financial information (phishing attempts).
• **Change Passwords:** It is advisable to change passwords for ManageMyHealth accounts. If the same password or variations of it are used for other online services, those passwords should also be updated immediately.
• **Report Incidents:** Any suspicious activity related to personal information or potential identity theft should be reported to the appropriate authorities, such as the local police service or CERT NZ.

The breach serves as a stark reminder of the ongoing challenges in maintaining digital security, especially for platforms handling sensitive health information. Users are encouraged to adopt robust online security practices to protect their data in an increasingly complex digital landscape.