ManageMyHealth Data Breach

Forums › Health and fitness › ManageMyHealth Data Breach

freitasm

BDFL - Memuneh
80682 posts

Uber Geek
+1 received by user: 41136

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#323669 31-Dec-2025 14:57

ManageMyHealth Data Breach: Kazu Group Claims Ransomware Attack

The Kazu group claims to have breached ManageMyHealth (MMH), a prominent New Zealand-based online platform that allows individuals to manage their medical records, view test results, and communicate with healthcare providers. The extortion group, which has recently emerged as a significant threat to the healthcare sector, posted the claim on its leak site following an alleged exfiltration of sensitive patient information.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

1 | 2 | 3 | 4 | 5 | 6 | ... | 29

4020 posts

Uber Geek
+1 received by user: 1857

ID Verified

Trusted

Lifetime subscriber

#3448440 31-Dec-2025 15:02

My GP uses ManageMyHealth. While I don't have anything particularly interesting in my medical history, I still don't want it or my family's medical history published online.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

Behodar

11117 posts

Uber Geek
+1 received by user: 6116

Trusted

Lifetime subscriber

#3448442 31-Dec-2025 15:04

Mine used to, but hasn't for a few years. Who knows whether MMH deleted all the data or not though...

boosacnoodle

1292 posts

Uber Geek
+1 received by user: 877

#3448443 31-Dec-2025 15:08

Deeply concerning, if true. Even just seeing the look and feel of the website, I felt like this was inevitable (though fancier websites can get hacked, too). I am somewhat surprised that it did not happen sooner. I'd caution people from using the indici platform which has also experienced issues like this previously.

Dynamic

4020 posts

Uber Geek
+1 received by user: 1857

ID Verified

Trusted

Lifetime subscriber

#3448445 31-Dec-2025 15:09

ManageMyHealth have acknowledged the incident.

“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

clinty

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#3448449 31-Dec-2025 15:34

Behodar:

Mine used to, but hasn't for a few years. Who knows whether MMH deleted all the data or not though...

I just logged in and my records up till my GP moved away from them are there :(

Clint

Munrog

6 posts

Wannabe Geek
+1 received by user: 8

#3448450 31-Dec-2025 15:35

this is what has been claimed to be in Kazu possession

The Kazu group’s attack resulted in the compromise of approximately 108 GB of data, encompassing a staggering 428,337 files. The information allegedly stolen includes:

Full names
Medical records
Test results
Prescription data
Appointment schedules
Health history logs
Personal communication with healthcare providers

In a bid to exploit this breach, the Kazu group has set a ransom demand of $60,000, with a deadline for payment set for January 15, 2026. This alarming situation raises serious concerns about the security of personal health information and the potential risks faced by affected individuals.

Source: https://slfla.com/data-breach/managemyhealth-data-breach-what-you-need-to-know/

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

freitasm

BDFL - Memuneh
80682 posts

Uber Geek
+1 received by user: 41136

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3448453 31-Dec-2025 15:37

Behodar:

Mine used to, but hasn't for a few years. Who knows whether MMH deleted all the data or not though...

Exactly. My GP moved away, to a different service. But what guarantees do we have that a MMH leak wouldn't contain archived data?

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

freitasm

BDFL - Memuneh
80682 posts

Uber Geek
+1 received by user: 41136

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3448454 31-Dec-2025 15:39

clinty:

Behodar:

Mine used to, but hasn't for a few years. Who knows whether MMH deleted all the data or not though...

I just logged in and my records up till my GP moved away from them are there :(

Clint

What a shoddy way to manage data.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

geek3001

224 posts

Master Geek
+1 received by user: 334

ID Verified

Subscriber

#3448455 31-Dec-2025 15:39

Thanks for the heads up @freitasm

My GP practice uses this system significantly, so we patients don't have much choice other than to use it too.

Lots of personal medical history in there in my case, as I suspect with a large number of others too.

I'm not overly impressed - as personal health data should be some of the most secure data that is held. Finding its way into the wrong hands is extremely concerning.

So much for cloud-based solutions - should be renamed to SEC - Someone Else's Computer, over which we plebs have no visibility as to the security etc.

Will be interesting to see if there's any info released indicating whether the data held by MMH is encrypted or just plain text, I presume it's the latter.

Behodar

11117 posts

Uber Geek
+1 received by user: 6116

Trusted

Lifetime subscriber

#3448456 31-Dec-2025 15:40

freitasm:

What a shoddy way to manage data.

With the number of hacks in the media these days, there is absolutely no excuse for hanging onto data for longer than you need it.

freitasm

BDFL - Memuneh
80682 posts

Uber Geek
+1 received by user: 41136

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3448457 31-Dec-2025 15:44

Behodar:

freitasm:

What a shoddy way to manage data.

With the number of hacks in the media these days, there is absolutely no excuse for hanging onto data for longer than you need it.

Sure, I understand individual records can't be deleted from backups, and after a few cycles (weeks, months, years?) they disappear. But in the main database? That's stupid.

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

Geekzone

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

CamH

615 posts

Ultimate Geek
+1 received by user: 327

Subscriber

#3448458 31-Dec-2025 15:46

If they have the data they say they have and it leaks, this will be a real big one. A large amount of medical practices uses ManageMyHealth - pretty much anyone who uses MedTech internally.

This is the data people will want to keep private above anything else. Bit surprising the ransom wasn't higher than $60,000.

raytaylor

4079 posts

Uber Geek
+1 received by user: 1298

Trusted

#3448461 31-Dec-2025 15:55

Dynamic:

My GP uses ManageMyHealth. While I don't have anything particularly interesting in my medical history, I still don't want it or my family's medical history published online.

Your date of birth, address etc are probably in there. DOB being the big one.

I really dont care about the world knowing what prescriptions I have had in the past - but date of birth, full name and address are the worrying things.

Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

Shindig

1625 posts

Uber Geek
+1 received by user: 363

Trusted

#3448462 31-Dec-2025 15:59

Any grounds for compensation or to sue?

The little things make the biggest difference.

Munrog

6 posts

Wannabe Geek
+1 received by user: 8

#3448463 31-Dec-2025 16:02

I think NZ Health Records are classified as 'Sensitive' under PSR framework which is kind of middle of the road. Definitely not highly secure/sensitive. You would be surprised where parts of your health data are likely to be stored - ACC, MSD/WINZ, local PHO, organisations that process the data for reporting to funding organisations, local hospital, pharmacy, allied health professionals, insurance, etc.

Agree ransom amount seems really low, even if in USD.

1 | 2 | 3 | 4 | 5 | 6 | ... | 29