ManageMyHealth Data Breach

Forums › Health and fitness › ManageMyHealth Data Breach

1 | ... | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | ... | 29

2763 posts

Uber Geek
+1 received by user: 2429

Lifetime subscriber

#3450319 6-Jan-2026 11:25

Banks tell you not to click links in emails because of the dangers and to go to the website directly. MMH has just sent an email with a clickable link.

If a tech dimwit like me can figure out the danger you would think that with all their current problems they would not be sending emails with clickable links. Makes you wonder how much more inept they can be.

Rikkitic

Awrrr
19071 posts

Uber Geek
+1 received by user: 16318

Lifetime subscriber

#3450325 6-Jan-2026 11:37

As a paranoid elderly person, I have always kept a low profile as a matter of principle. I am active on Geekzone because it has value for me but I am not on any other social media site, unless you count Whirlpool, which I rarely visit.

I am careful with my personal information and only share what I absolutely have to in order to access something I need. I have reluctantly given up my birth date to a select few sites because they insisted on it. Some also have my email. But there are not very many.

I am fortunate that I do not seem to have any major health issues requiring ongoing treatment, so there is almost no medical information about me on Manage My Health or anywhere else. I use MMH mainly just to keep track of my vaccinations.

In general, I am old and crotchety and argumentative so I never give up anything just because I am asked for it. There has to be a good, verifiable reason. Even so, I know there will be personal information about me that has made it into public spaces. But I never open any emails or messages from unknown sources. My dumb phone is for essential use only. I have multiple email accounts for multiple purposes. I never click on anything if I don’t know what it is. Even on Geekzone I share minimal personal information. I guess the world now knows I am old, but not a whole lot more.

I know better than to think this is any kind of guarantee, but it gives me a reasonable degree of security without completely hobbling me. The main thing is to not become a worthwhile target. I am old, poor and a pensioner. No riches to be had here.

Years ago I had an account on Neighbourly but most of the posts were just commercial operations trying to sell me something. I got tired of it and killed my account. Don’t know if there is any residual information but there wasn’t much to start with and I haven’t heard anything from them in years.

I once briefly had a Facebook account. They made it really difficult to cancel, which pissed me off, so I went to the extra trouble to ensure it was well and truly gone. They never had anything except the email I used. I only got the account to see what it was about. I saw, and left.

I have decided to leave MMH alone until things play out and I know more. Eventually I may lodge a complaint with my medical practice if they continue using it. Whatever happens, MMH will not continue in its present form, if at all. I am not changing my password for the moment since there is nothing I need to keep hidden from the public. I want to see what happens.

Plesse igmore amd axxept applogies in adbance fir anu typos

matthewperrin

22 posts

Geek
+1 received by user: 11

#3450331 6-Jan-2026 11:49

Kazu just published that the specific attack against MMH came from Cuba?

Cuba

MikeB4

MikeB4
18776 posts

Uber Geek
+1 received by user: 12767

ID Verified

Trusted

Subscriber

#3450332 6-Jan-2026 11:49

My wife works for a company heavily involved with cyber security. Her comments regarding this fiasco “you would see more professionalism at an amateur night at a local pub”

Here is a crazy notion, lets give peace a chance.

k1w1k1d

1714 posts

Uber Geek
+1 received by user: 1314

#3450335 6-Jan-2026 12:06

I hope MyIndici is taking note and making sure their security is top notch.

xpd

Geek of Coastguard
14116 posts

Uber Geek
+1 received by user: 4579

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#3450337 6-Jan-2026 12:25

And I just got an email wanting me to login to read a message about the breach.... omfg. Muppets.

Like @MikeB4 's comment, they have not dealt with this very well at all.

I refuse to log into that site until they've had a 3rd party (thats not after a ransom :) ) audit it and provide their findings.

Will be advising my GP as such as well.

XPD / Gavin

LinkTree

Dell

Shop now for Dell laptops and other devices (affiliate link).

geek3001

221 posts

Master Geek
+1 received by user: 331

ID Verified

Subscriber

#3450339 6-Jan-2026 12:35

xpd:

And I just got an email wanting me to login to read a message about the breach.... omfg. Muppets.

Like @MikeB4 's comment, they have not dealt with this very well at all.

I refuse to log into that site until they've had a 3rd party (thats not after a ransom :) ) audit it and provide their findings.

Will be advising my GP as such as well.

@xpd if you've received that notification, perhaps your records are included in the breach.

Perhaps you should log on to find out what's actually going on.

You might also like to try their change password functionality, where you can use your current password as your new password.

jordan8thepie1

73 posts

Master Geek
+1 received by user: 18

#3450342 6-Jan-2026 12:45

I also received a communication from my GP practice earlier through Manage my Health. I got an automated message with a clickable link. interestingly the message from the GP had a bunch of FAQ's for the GP practice in it.

below is one of the FAQ's sent out in the message from my GP practice.

Is it safe to continue uploading documents to MMH? There has been some advice that we should disable MMH functions.

MMH has been confirmed to be safe by external international experts, and this has been confirmed by Health NZ.

What they are saying to my GP is that they are perfectly safe to use and just continue doing business as normal on the site.

Batwing

692 posts

Ultimate Geek
+1 received by user: 224

Trusted

Subscriber

#3450345 6-Jan-2026 12:51

xpd:

And I just got an email wanting me to login to read a message about the breach.... omfg. Muppets.

Like @MikeB4 's comment, they have not dealt with this very well at all.

I refuse to log into that site until they've had a 3rd party (thats not after a ransom :) ) audit it and provide their findings.

Will be advising my GP as such as well.

I thought I better not click the link and went to the app,but group messages aren't a function in the app so I was forced to use the mobile site.

Turned out to be a generic statement, so no idea if included yet or not.

It arrived a bit after midnight, and my partner never got an email notification which is odd since it was so generic.

eracode

Smpl Mnmlst
9334 posts

Uber Geek
+1 received by user: 6203

ID Verified

Trusted

Lifetime subscriber

#3450346 6-Jan-2026 13:00

MikeB4:

eracode:

MikeB4:

Received an email and prompt to change email.

Change email or password?

and give a bad actor my new login and password.

Other posters have said they received an email asking them to change their password.

You said you were asked to change your email. I was merely wondering whether that was a typo - and you meant password - or whether you were actually asked to change your email by whoever sent the email to you.

Sometimes I just sit and think. Other times I just sit.

allan

2073 posts

Uber Geek
+1 received by user: 899

ID Verified

Lifetime subscriber

#3450348 6-Jan-2026 13:06

One question that has been going through my mind is: If a medical practice is using MedTech and elects to use MMH for patient accessible records, is all patient data for that practice then exported to MMH and a patient signing up for MMH is just getting access to their data that already exists in MMH, or is that data only exported to MMH on an individual patient basis after they have signed up for MMH?

Geekzone support

Support Geekzone with one-off or recurring donations Donate via PressPatron.

gzt

18689 posts

Uber Geek
+1 received by user: 7827

Lifetime subscriber

#3450349 6-Jan-2026 13:08

jordan8thepie1: below is one of the FAQ's sent out in the message from my GP practice.

Is it safe to continue uploading documents to MMH? There has been some advice that we should disable MMH functions.

MMH has been confirmed to be safe by external international experts, and this has been confirmed by Health NZ.
What they are saying to my GP is that they are perfectly safe to use and just continue doing business as normal on the site.

I'd guess that means the issue that allowed unauthorized access to has been resolved. It's a lot less clear if that also means a full security audit has been completed. The message implies that is the case. I'd be surprised if a full audit has been completed, but that is possible.

xpd

Geek of Coastguard
14116 posts

Uber Geek
+1 received by user: 4579

Retired Mod

ID Verified

Trusted

Lifetime subscriber

#3450351 6-Jan-2026 13:10

jordan8thepie1:

MMH has been confirmed to be safe by external international experts, and this has been confirmed by Health NZ.

I've not seen anything along those lines at all.... I'd like to see an official response from Health NZ AND "external international experts" stating that its 100% safe and secure.

Sure, it could be, but I've dealt with Vino in the past, and hes not exactly someone I'd trust with IT related issues.

XPD / Gavin

LinkTree

cddt

1970 posts

Uber Geek
+1 received by user: 1905

#3450354 6-Jan-2026 13:34

matthewperrin:

Kazu just published that the specific attack against MMH came from Cuba?

If true, some rough calculations show that $60k NZD is equivalent to about 12x the average annual salary in Cuba.

Edit: It looks like it is $60k USD they asked for, so that's more than 20 years of the average annual salary.

matthewperrin

22 posts

Geek
+1 received by user: 11

#3450356 6-Jan-2026 13:53

My understanding from interacting with Indian companies both based in N.Z. and abroad is that it is common to refer to people working in India as either "external" and "international" from the viewpoint of the "foreign" country (being N.Z. in this case) even if they are employed by the same company.

They probably just mean the same staff that initially developed the platform.

Further, my understanding is that all documents stored under the "My Health Documents" feature were compromised as they did not previously need the correct authentication to be accessed or otherwise listed and that would mean that all patients who have documents there are victims.

1 | ... | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | ... | 29