Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsHealth and fitnessManageMyHealth Data Breach
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | ... | 29
Munrog
6 posts

Wannabe Geek
+1 received by user: 8


  #3448464 31-Dec-2025 16:07
Send private message quote this post

in terms of what is supposed to happen

 

  • there is the concept of 'medical in confidence' applied to the data which means organisations should protect your data must be given an equal level of protection unless otherwise classified (e.g., if it were also part of a national security matter)
  • Health Information Privacy requires organisations to

     

    • take "Reasonable" steps to protect the data
    • only collect the data they need
    • only use if for what they say they will use it for
    • securely dispose of the data when no longer needed - this one is tricky for health portals like MMH because consumers are wanting to access their health records, so there is the incentive to keep all the data available to the portal.



MikeFly
192 posts

Master Geek
+1 received by user: 140
Inactive user


  #3448470 31-Dec-2025 16:28
Send private message quote this post

Been on Indici (which is a clown site compared to Managemyhealth) for 5 years after moving towns. All my info is still on MMH address, home phone, mobile, DOB, email and of course records.

 

 

 

Just emailed Kazu group to ask if they could add 200 Viagra and a carton of extra large condoms per week to my medical records before they publish them.

geek3001
220 posts

Master Geek
+1 received by user: 330

ID Verified
Subscriber

  #3448474 31-Dec-2025 16:36
Send private message quote this post

Shindig:

 

Any grounds for compensation or to sue?

 

 

A US attorney appears to be offering assistance:

 

https://slfla.com/data-breach/managemyhealth-data-breach-what-you-need-to-know/



CamH
615 posts

Ultimate Geek
+1 received by user: 327

Subscriber

  #3448475 31-Dec-2025 16:40
Send private message quote this post

geek3001:

 

A US attorney appears to be offering assistance

 

 

This has got to be an ambulance chaser. The initial notice of the breach happened some 12 hours ago, and affects almost 100% New Zealand based stakeholders.

 

What's some US attorney going to do about this, apart from bleed people in NZ dry by charging astronomical fees. I see they do this for every single reported data breach.





Taubin
592 posts

Ultimate Geek
+1 received by user: 243

ID Verified
Subscriber

  #3448476 31-Dec-2025 16:40
Send private message quote this post

geek3001:

 

A US attorney appears to be offering assistance:

 

https://slfla.com/data-breach/managemyhealth-data-breach-what-you-need-to-know/

 

 

They are just doing what American ambulance chasing attorneys do. Chase ambulances (or in this case breaches). The won't be able to do anything in NZ courts at all as they are licensed in California, not NZ. Even if they tried to sue in California courts, there's zero chance it goes anywhere. 




ZL2TOY/ZL1DMP

freitasm

BDFL - Memuneh
80647 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3448477 31-Dec-2025 16:42
Send private message quote this post

geek3001:

 

Shindig:

 

Any grounds for compensation or to sue?

 

 

A US attorney appears to be offering assistance:

 

https://slfla.com/data-breach/managemyhealth-data-breach-what-you-need-to-know/

 

 

It looks like a SEO attempt. I'd say they have nothing to do with NZ law.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

 
 
 
 

Want to support Geekzone and browse the site without the ads? Subscribe to Geekzone now (monthly, annual and lifetime options).

snj

snj
305 posts

Ultimate Geek
+1 received by user: 221


  #3448478 31-Dec-2025 16:43
Send private message quote this post

geek3001:

 

Shindig:

 

Any grounds for compensation or to sue?

 

 

A US attorney appears to be offering assistance:

 

https://slfla.com/data-breach/managemyhealth-data-breach-what-you-need-to-know/

 

 

That looks like some auto generated rubbish to be honest. Heck their form doesn't even have options for out of US. A NZ firm might do one, but even then NZ isn't anywhere near Class Action happy as US or even Australia are.

mentalinc
3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #3448481 31-Dec-2025 17:01
Send private message quote this post

I'd suggest a password change, and if you have reused that password (please don't reuse passwords, use a password manager instead), suggest you change anywhere that is used.

 

Not listed in the dataset, but seems like a large database dump, which I assume would have the users table with passwords etc.




CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 

freitasm

BDFL - Memuneh
80647 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3448482 31-Dec-2025 17:03
Send private message quote this post

@mentalinc:

 

I'd suggest a password change, and if you have reused that password (please don't get a password manager), suggest you change anywhere that is used.

 

 

Why do you say not to use a password manager? It's the easiest way to remember unique, random password for different services.




Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 

mentalinc
3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #3448483 31-Dec-2025 17:04
Send private message quote this post

Poor grammar, edited.
intention was please don't reuse password, instead use a password manager.




CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 

Batman
Mad Scientist
30012 posts

Uber Geek
+1 received by user: 6217

Trusted
Lifetime subscriber

  #3448484 31-Dec-2025 17:06
Send private message quote this post

if my GP uses it but i don't have an account, is my data there?

 
 
 
 

Shop now for Lego sets and other gifts (affiliate link).
boosacnoodle
1271 posts

Uber Geek
+1 received by user: 855


  #3448485 31-Dec-2025 17:11
Send private message quote this post

The leaked data is, unfortunately, fairly easy to find online. It appears to be just scanned in attachments only, think lab results, referrals, etc. While this may include prescriptions, it is misleading to say that it includes prescriptions as if it will include every prescription ever.

 

Scanned documents were (are) stored in an Azure Blob. So, either the blob was not configured with the correct security (where have I heard that before?) or the MMH API endpoint that signed requests before handing them off to Azure didn't perform request validation correctly.

 

Either way, I'm stunned that the website is still up and has not been immediately shutdown to audit for any other possible security issues.

 

Batman:

 

if my GP uses it but i don't have an account, is my data there?

 

 

I don't believe so. Your practise needs to set it up specifically in MedTech per-user, at least it did when I last checked.

mentalinc
3384 posts

Uber Geek
+1 received by user: 1023

Trusted

  #3448489 31-Dec-2025 17:29
Send private message quote this post

Azure Blob could be better than the whole site being owned, if it's where the attachments as you note are saved.




CPU: AMD 5900x | RAM: GSKILL Trident Z Neo RGB F4-3600C16D-32GTZNC-32-GB | MB:  Asus X570-E | GFX: EVGA FTW3 Ultra RTX 3080Ti| Monitor: LG 27GL850-B 2560x1440

 

Quic: https://account.quic.nz/refer/473833 R473833EQKIBX 

robjg63
4161 posts

Uber Geek
+1 received by user: 1426

Subscriber

  #3448493 31-Dec-2025 17:59
Send private message quote this post

Batman:

 

if my GP uses it but i don't have an account, is my data there?

 

 

I would imagine so. 




Nothing is impossible for the man who doesn't have to do it himself - A. H. Weiler

Lightbulb
119 posts

Master Geek
+1 received by user: 10

ID Verified
Lifetime subscriber

  #3448495 31-Dec-2025 18:32
Send private message quote this post

Well...I've just changed my password (successfully)

 

At the same time I decided to set up 2FA - apparently successfully as the website says that 2FA is "Enabled"

 

Logged out and closed chrome browser and reopended browser and logged back in using new password - success, I'm in - but didn't have to put in 2FA codes

 

Tried on my Iphone - same thing.

 

Is 2FA working?? 

1 | 2 | 3 | 4 | 5 | 6 | 7 | ... | 29
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright