As a ransom demand was set to expire today after the portal was hacked more than a week ago, the company continues to face headwinds to get on top of issues.
It was announced yesterday that University of Otago Emeritus Prof Murray Tilyard has been appointed as an honorary clinical adviser to the Manage My Health board.
In a statement on the Manage My Health website yesterday it said direct notifications to the first 50% of patients affected commenced yesterday morning.
Notifications are being sent via email to the address patients used to register their account, and this communication will be personally addressed to the name associated with the account.
The company said resources were being shared this week with practices, both with affected patients and not, to support practices with communications to their patients.
The breach was limited to data stored in the "My Health Documents" module only. User data stored in the GP-provided "Health Records" module was not compromised as part of this incident.
About 45 Northland-based GP practices are impacted and about 355 "referral-originating" GP practices across New Zealand regions.
Cyber security specialists have told the company the current system environment was secure and operating as intended.
But a Dunedin woman, who wanted to be anonymous, said the Manage My Health app was not working properly and was then told to log on to the website.
"This takes forever to load and it keeps asking you to choose a new password, unsurprisingly," she said.
"Any time you choose an option on the website it has a meltdown and takes many minutes to take you there. At times it just logs you out for no reason."
She said the repeat prescription option would not work.
"Manage My Health need to explain to the public why their website and app are currently unusable and why patients and GP practices should go on trusting them when their product is clearly unstable."
Queenstown Medical Centre has also been hit hard by the breakdown of the portal.
In a notice to patients, it said the breach occurred on December 30 and as of yesterday morning, patients had not received any notification from Manage My Health regarding whether their data has been breached or not.
The centre had become aware some patients were able to see their breach status within the app by logging in as normal, although others have not received notification, nor are able to see their breach status within the app.
"We are increasingly disappointed with the slow pace of communication and lack of clarity from Manage My Health to patients regarding whether their data was affected," the centre said in the notice.
It had support from WellSouth to pressure the portal to get things running correctly but it was "not seeing the progress we would like to see".
The centre was reviewing all options available with regards to the portal. It declined comment when contacted yesterday.
The first deadline to pay a $US60,000 ($NZ104,000) ransom expired on Tuesday morning but it is believed the new deadline is at 5am today. The hacker has not leaked any further data since initially releasing a sample of the stolen documents on December 30.
Manage My Health had put an injunction on using the breached data.
