Source: Radio New Zealand
Netsafe chief online safety officer Sean Lyons. RNZ
Netsafe is warning people to be extra cautious with emails they receive including their private information, as hackers threaten to release more than 400,000 stolen health documents.
They took the files from the online portal Manage My Health, and 120,000 people are affected.
The Tuesday morning deadline for Manage My Health to pay the US$60,000 ransom passed without the files being publicly shared, but unverified reports appeared to put a new deadline at 5am on Friday.
Manage My Health has identified general practices whose patients have had their private health information breached, but it is not yet clear when those patients will be told.
Netsafe chief online safety officer Sean Lyons said it’s difficult to know what to watch out for while it’s unclear what’s been stolen.
But he said people should have a “raised level of suspicion” about any communication containing their private data.
“Even names, addresses, dates of birth, family members, we hear talk about maybe even scans of passport details,” he said.
Hackers could include that information in an email and claim to be their GP, Manage My Health, or another agency, Lyons said.
“So that kind of … ‘I must know who you are because I hold your NHI number, or I know your address and date of birth, therefore I must be from the agency that I say I am’,” he said.
“So it really is being extra cautious around anything that contains your personal information and asking for more, for money, for more information.”
Lyons said dodgy emails may also apply pressure on people, like giving deadlines for a response or payment, or threatening people that they’re at risk of prosecution or breaking a law.
“Don’t give in to that pressure, contact the agency that somebody says they’re from directly, don’t use any of the communication methods, numbers, email addresses, whatever that they give you.”
People could also contact Netsafe for advice if they are unsure, he said.
Anyone who Manage My Health says has been affected by the data breach has the right to ask the company for more information, Lyons said.
“It’s important that we know what it is that we should be looking out for, to what extent that information of ours has been breached, and what we might need to do to … shore up our privacy position based on it.”
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
