Source: Radio New Zealand
RNZ / Finn Blackwell
The chief executive of beleaguered patient portal Manage My Health says he is open to standing down if required after it “dropped the ball”.
Vino Ramayah told RNZ hackers who have seized hundreds of thousands of files from more than 120,000 patients “got in through the front door”.
He takes full responsibility, he said.
“That’s something for after the dust settles, whether I’m the current or continue to be the CEO,” he said.
“I’m not unprepared to step down if there’s a better person who can do a better job than I did.”
Ramayah described the major breach as a “password accessed intrusion”.
Manage My Health CEO Vino Ramayah. Screenshot / YouTube
“They came in through the front door using a valid user password.”
The deadline for a $60,000 ransom was initially thought to expire early on Tuesday morning, but Ramayah confirmed that deadline has now shifted.
“From what we have understood from the tracking and the kind of announcements in the dark web which we are monitoring the deadline is 5am on Friday.”
But he said deadlines had come and gone “many times” and out of principal he would not comment on what people put up on the dark web.
“And we really don’t know who’s telling the truth and who isn’t telling the truth. But our intention is to do the right thing.”
The chief executive would not be drawn on whether Manage My Health has discussed internally whether it was prepared to pay the ransom.
“I am not inclined to make any statement in that regard because it’s an ongoing investigation, I don’t want to jeopardise any investigations and I will make no comment in that regard,” he said.
When asked again, Ramayah said: “As I have said here, I’m not going to comment on that”.
He also would not say if Manage My Health had been in any negotiations those who took the patient data.
“As I said, I do not wish to comment on this investigation or any activities with any nefarious people, so I’ll leave it at that.”
Ramayah said Manage My Health was itself the victim of crime.
He said patients should trust the company “even though we have dropped the ball”.
Ramayah told RNZ he personally was aggrieved and distressed by the breach.
His own medical records were among those impacted, he said.
“And so is lots of my friends and families. I am deeply distressed that this is out there and this has happened.”
“The doctor – patient relationship was sacrosanct,” he said.
“I think the main point is there has been a crime, we have tried to do our best, as you know, we’ve had staff working around the clock since this incident with very little sleep and we are trying our best to contain the damage and the pain and anxiety patients feel – that is pretty hard for us as an organisation.”
In its latest online update, Manage My Health said it had started contacting GP practices which have affected patients.
Information on appointments and prescriptions were not accessed and the portal is now secure, it said.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
