One of more than 350 GP practices across New Zealand affected by a cybersecurity breach late last year, QMC announced last Friday it had given Manage My Health 90 days’ notice of terminating its contract.
Mr Light told Allied Media the breach was a "criminal activity and highly complex", but the medical centre had been frustrated by Manage My Health’s "unclear communication to our patients" since the incident.
"That frustration’s led us to looking for a better solution in the long term.
"There are some good alternative providers out there, and one of our key priorities is to ensure their data storage and cybersecurity is highly graded."
QMC was now doing due diligence on alternative providers and would have a new contract in place by April 9, he said.
A hacker or group of hackers known as "Kazu" accessed or downloaded hundreds of thousands of files from Manage My Health — New Zealand’s largest patient health information portal — on December 29, then demanded a $US60,000 ($NZ104,000) ransom from the company.
Mr Light said some patients had contacted QMC to say they had been affected, but he did not know how many were in the same boat because Manage My Health was only informing its users directly. Meanwhile, QMC was sharing all the information it received on the unfolding situation on its website.
"We don’t know any more than the patients, and what we’re reading in the media."
Patients could check whether their personal data had been affected by logging into the Manage My Health app or website.
They could also get their data deleted by closing their account with Manage My Health.
"We’re leaving it up to patients to make their own decision on that. We can’t do that on their behalf."
Although QMC was no longer adding consultation notes and lab results to the Manage My Health database, its patients could continue using the portal — to book appointments, order prescriptions and message their GP — if they wanted to, he said.
Manage My Health, which has been granted a High Court injunction preventing anyone from accessing or sharing the stolen data, said the breach affected 6% to 7% of the 1.8 million users of its app’s "My Health Documents" module.
Live medical records, GP notes, specialist referral documents, prescriptions, secure messaging and appointment systems were not accessed or affected, the company said.
