Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsHealth and fitnessManageMyHealth Data Breach
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | ... | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | ... | 29
alasta
6896 posts

Uber Geek
+1 received by user: 3376

Trusted
Subscriber

  #3450367 6-Jan-2026 14:16
Send private message quote this post

matthewperrin:

 

Further, my understanding is that all documents stored under the "My Health Documents" feature were compromised as they did not previously need the correct authentication to be accessed or otherwise listed and that would mean that all patients who have documents there are victims.

 

 

Yet strangely they have indicated that only about 8% of MMH users are affected. You'd think that the majority of MMH users would have at least one document on the system.

 

Maybe the reference to 8% was just the sample that the hackers originally released?



wellygary
8830 posts

Uber Geek
+1 received by user: 5312


  #3450368 6-Jan-2026 14:19
Send private message quote this post

This debacle is spiralling into farce, The "hackers" are now apparently "in negotiations" 

 

 

 

"The Manage My Health hacker, holding private data on more than 120,000 Kiwis, has set a new deadline for resolution – 5am on Friday.

 

 

The hacker had set an early Tuesday morning deadline but, as that passed, confirmed to The Post that they had entered negotiations with privately owned Manage My Health and would “not share the files during the communication period”. Manage My Health was approached for confirmation

 

 

 

 

 

 

The hacked later confirmed they had set a 5am cut-off time for those negotiations"

 

https://www.thepost.co.nz/nz-news/360926388/will-manage-my-health-hacker-release-confidential-patient-data-today

 

 

 

Rikkitic
Awrrr
19086 posts

Uber Geek
+1 received by user: 16356

Lifetime subscriber

  #3450378 6-Jan-2026 14:51
Send private message quote this post

Whoever is on the MMH end of this is clearly in panic mode, randomly bashing buttons in the hope something will work. This is obvious from the way they have handled this from the beginning, choosing silence over honest information sharing and now illogically saying they will only inform those affected, meaning those who don't hear anything have no way of confirming if they are affected or not. Communication, delayed and limited as it is, is entirely one-way, consisting of a handful of 'faqs'. There is no way to ask anyone a question or engage in dialogue. This is an absolute klown kar shit show. 

 

  




Plesse igmore amd axxept applogies in adbance fir anu typos

 


 



geek3001
224 posts

Master Geek
+1 received by user: 334

ID Verified
Subscriber

  #3450381 6-Jan-2026 15:05
Send private message quote this post

Today's update at https://managemyhealth.co.nz/mmh-cyber-breach-update-6-january-2026/ does not really add anything to what we already know, however they are inviting those that wish to contact MMH to do so:

 

Contact

 

In the interim, if any patients or practices have any concerns or questions, please contact us directly via info@managemyhealth.co.nz

 

 

wellygary
8830 posts

Uber Geek
+1 received by user: 5312


  #3450388 6-Jan-2026 15:33
Send private message quote this post

geek3001:

 

Today's update at https://managemyhealth.co.nz/mmh-cyber-breach-update-6-january-2026/ does not really add anything to what we already know, however they are inviting those that wish to contact MMH to do so:

 

Contact

 

In the interim, if any patients or practices have any concerns or questions, please contact us directly via info@managemyhealth.co.nz

 

 

And what ability do they have to actually triage/reply to the likely hundreds of thousands of emails they will get.... 

 

Providing a generic contact email sounds like a move to satisfy a compliance requirement rather than an actual effort to provide more tailored information....

geek3001
224 posts

Master Geek
+1 received by user: 334

ID Verified
Subscriber

  #3450389 6-Jan-2026 15:38
Send private message quote this post

wellygary:

 

This debacle is spiralling into farce, The "hackers" are now apparently "in negotiations" 

 

"The Manage My Health hacker, holding private data on more than 120,000 Kiwis, has set a new deadline for resolution – 5am on Friday.

 

The hacker had set an early Tuesday morning deadline but, as that passed, confirmed to The Post that they had entered negotiations with privately owned Manage My Health and would “not share the files during the communication period”. Manage My Health was approached for confirmation

 

The hacked later confirmed they had set a 5am cut-off time for those negotiations"

 

https://www.thepost.co.nz/nz-news/360926388/will-manage-my-health-hacker-release-confidential-patient-data-today

 

 

MMH said yesterday https://managemyhealth.co.nz/mmh-cyber-breach-update-5-january-2026/

 

Any ransom demand is a matter for NZ Police and Manage My Health will not be making any comment in this regard, as it is an ongoing investigation.

 

The Health Minister is reported as saying no ransom would be paid.

 

If indeed negotiations are occurring, and MMH's comments are to be believed, then are we to believe that trained (hostage?) negotiators from Police are negotiating with the threat actor?

 

Who's fooling who here?!

 

Total farce, unless of course the threat actor has more data than we have been led to believe, which would make things far worse.

 
 
 
 

Shop now on Samsung phones, tablets, TVs and more (affiliate link).
Rikkitic
Awrrr
19086 posts

Uber Geek
+1 received by user: 16356

Lifetime subscriber

  #3450391 6-Jan-2026 15:45
Send private message quote this post

wellygary:

 

And what ability do they have to actually triage/reply to the likely hundreds of thousands of emails they will get.... 

 

Providing a generic contact email sounds like a move to satisfy a compliance requirement rather than an actual effort to provide more tailored information....

 

 

Good point but I emailed them anyway. I will post here if I get a reply. 

 

 




Plesse igmore amd axxept applogies in adbance fir anu typos

 


 

raytaylor
4079 posts

Uber Geek
+1 received by user: 1298

Trusted

  #3450392 6-Jan-2026 15:50
Send private message quote this post

FineWine:

 

Have not read the entire topic, so don't know if this has already been mentioned. It appears MMH is now asking, at login, for users to change their password using an email sent verification code.

 

Also noticed server response times are slow, so be patient.

 

 

Had me worried there. 
Crisis averted - you can just input the same password as you were using before and it will accept it. 




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

raytaylor
4079 posts

Uber Geek
+1 received by user: 1298

Trusted

  #3450395 6-Jan-2026 16:11
Send private message quote this post

matthewperrin:

 

Further, my understanding is that all documents stored under the "My Health Documents" feature were compromised as they did not previously need the correct authentication to be accessed or otherwise listed and that would mean that all patients who have documents there are victims.

 

 

I just logged in and I dont have anything in the documents section. I expect this just has a database list of documents and points to the storage locations on some sort of azure storage space - and perhaps that storage space was unlocked or publicly accessible if you knew the correct URL format. 

 

I dont actually have any documents in there. It seems all my blood test results and messages from the A&E centre all come in via some sort of text based transfer system, probably an API, and not as actual word or pdf documents. 
Prescriptions all seem to be in plaint text format too. 

 

I have been going to the doctor more recently so it doesnt surprise me if I dont have any documents in there then its unlikely most people would - unless they have gone to a specialist or something. 
Even then, i went to a skin cancer specialist and there are no documents there either - they also came back as lab results in the text only format. 

 

So I am not surprised its less than 8% of users affected. 




Ray Taylor

There is no place like localhost

Spreadsheet for Comparing Electricity Plans Here

alasta
6896 posts

Uber Geek
+1 received by user: 3376

Trusted
Subscriber

  #3450398 6-Jan-2026 16:13
Send private message quote this post

I think one of the key lessons from this incident is that any organisation holding large volume of personal data needs to have a comprehensive crisis management plan in place before a data breach occurs. It's becoming apparent that MMH haven't done this. 

alasta
6896 posts

Uber Geek
+1 received by user: 3376

Trusted
Subscriber

  #3450399 6-Jan-2026 16:15
Send private message quote this post

raytaylor:

 

I have been going to the doctor more recently so it doesnt surprise me if I dont have any documents in there then its unlikely most people would - unless they have gone to a specialist or something. 
Even then, i went to a skin cancer specialist and there are no documents there either - they also came back as lab results in the text only format. 

 

So I am not surprised its less than 8% of users affected. 

 

 

I very rarely go to the doctor but still have a handful of documents about routine things. That includes a memo from my dermatologist to my GP to inform them of my annual checks. 

HP

 
 
 
 

Shop now for HP laptops and other devices (affiliate link).
wellygary
8830 posts

Uber Geek
+1 received by user: 5312


  #3450409 6-Jan-2026 16:40
Send private message quote this post

This is beginning to scream disgruntled former employee,

 

The ransom amount is small, the data hasn't been released and now we find out they used valid credentials to log in...

 

"Vino Ramayah told RNZ hackers who have seized hundreds of thousands of files from more than 120,000 patients "got in through the front door".
...
Ramayah described the major breach as a "password accessed intrusion".
"They came in through the front door using a valid user password."
The deadline for a $60,000 ransom was initially thought to expire early on Tuesday morning, but Ramayah confirmed that deadline has now shifted.

 

"From what we have understood from the tracking and the kind of announcements in the dark web which we are monitoring the deadline is 5am on Friday."
But he said deadlines had come and gone "many times" and out of principal he would not comment on what people put up on the dark web.

 

https://www.rnz.co.nz/news/national/583319/manage-my-health-ceo-trust-us-even-though-we-ve-dropped-the-ball

 

 

turtleattacks
1008 posts

Uber Geek
+1 received by user: 305

Trusted

  #3450411 6-Jan-2026 16:44
Send private message quote this post

wellygary:

 

This is beginning to scream disgruntled former employee,

 

The ransom amount is small, the data hasn't been released and now we find out they used valid credentials to log in...

 

"Vino Ramayah told RNZ hackers who have seized hundreds of thousands of files from more than 120,000 patients "got in through the front door".
...
Ramayah described the major breach as a "password accessed intrusion".
"They came in through the front door using a valid user password."
The deadline for a $60,000 ransom was initially thought to expire early on Tuesday morning, but Ramayah confirmed that deadline has now shifted.

 

"From what we have understood from the tracking and the kind of announcements in the dark web which we are monitoring the deadline is 5am on Friday."
But he said deadlines had come and gone "many times" and out of principal he would not comment on what people put up on the dark web.

 

https://www.rnz.co.nz/news/national/583319/manage-my-health-ceo-trust-us-even-though-we-ve-dropped-the-ball

 

 

 

 

Just about to ask... so it wasn't an open bucket? 




----

 

Creator of whatsthesalary.com and whatstheincometax.com

yitz
2240 posts

Uber Geek
+1 received by user: 594


  #3450413 6-Jan-2026 16:52
Send private message quote this post

turtleattacks:

 

Just about to ask... so it wasn't an open bucket? 

 

 

Sounds like someone gained access to the CDN account and pulled up request logs and turned off URL signatures (the "ACL issue" that was shortly reverted)... especially seeing as files are now being delivered as blob URLs and they might be doing some work on the back end (slow response times noted).

turtleattacks
1008 posts

Uber Geek
+1 received by user: 305

Trusted

  #3450414 6-Jan-2026 16:54
Send private message quote this post

turtleattacks:

 

wellygary:

 

This is beginning to scream disgruntled former employee,

 

The ransom amount is small, the data hasn't been released and now we find out they used valid credentials to log in...

 

"Vino Ramayah told RNZ hackers who have seized hundreds of thousands of files from more than 120,000 patients "got in through the front door".
...
Ramayah described the major breach as a "password accessed intrusion".
"They came in through the front door using a valid user password."
The deadline for a $60,000 ransom was initially thought to expire early on Tuesday morning, but Ramayah confirmed that deadline has now shifted.

 

"From what we have understood from the tracking and the kind of announcements in the dark web which we are monitoring the deadline is 5am on Friday."
But he said deadlines had come and gone "many times" and out of principal he would not comment on what people put up on the dark web.

 

https://www.rnz.co.nz/news/national/583319/manage-my-health-ceo-trust-us-even-though-we-ve-dropped-the-ball

 

 

 

 

Just about to ask... so it wasn't an open bucket? 

 



I mean... it might be someone able to log into with a valid password into a normal account but the normal account has access to all the files in the bucket.... so he's correct technically. 




----

 

Creator of whatsthesalary.com and whatstheincometax.com

1 | ... | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | ... | 29
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright