He will speak to the media at 2.30pm today at his Pakuranga electoral office. The press conference will be livestreamed from the top of this article.
Brown said the review should assess the cause of the breach, review the adequacy of the data protections that were in place, and consider the response to the incident. It should also recommend any improvements required to prevent another breach.
“I know this breach will be very concerning to the many New Zealanders who use ManageMyHealth, and we need assurances around the protection and security of people’s health data,” Brown said.
“Patient data is incredibly personal and, whether it is held by a public agency or a private company, it must be protected to the highest of standards.”
Brown said that while the review should start as soon as possible, it was important the focus continued to be on the immediate response.
The attackers are understood to have asked for a ransom of $60,000.
This ransom post screenshot is from a popular hacking forum.
An “incident management team” has been meeting daily to co-ordinate advice and support across government agencies.
“In the meantime, I expect the ministry to develop terms of reference, in consultation with the Government Chief Digital Officer and the National Cyber Security Centre, and a timeline for the review process,” Brown said.
Health New Zealand has advised there has been no impact on its systems. It is working with primary care providers through General Practice New Zealand to clarify the potential impact on patients and general practices. General practices remain open and providing services.
Jenée Tibshraeny is the Herald’s Wellington business editor, based in the parliamentary press gallery. She specialises in government and Reserve Bank policymaking, economics and banking.