Our Medical centre uses this. Bloody annoying. I don't need the anxiety of this.

MikeB4:

 

Our Medical centre uses this. Bloody annoying. I don't need the anxiety of this.

 

i've never signed up to any of this and yet my privacy could be breached i hear, and i don't even know if there is a possibility as some say yes some say no (possibility).

Can you opt out of MMH? Didn’t like it from the onset but thought we didn’t have a choice. 

Well it’s now offline

This website is temporarily unavailable due to urgent maintenance while a security review is completed. During this maintenance window, our systems will be temporarily unavailable.

Not sure I am buying the ransom attack. The amount asked for $US60,000 is too little.

Can just imagine the number of health insurance execs who reached for their credit cards to pocket all that sweet info (mine included) for $60k.

Incredibly, it's back online again now.

My clinic uses MMH and I seem to have an account there though I don't really remember how I acquired it. I don't have any prescriptions and I am not being treated for anything on an ongoing basis. I see my doctor once every two years to renew my license and that is it. My vaccination history is there but that is about all. I am not personally bothered much by this as I can't think of any highly sensitive information that would be present there. Should I be? I do think MMH deserves to be raked over the coals on general principles.

It’s easy to delete your MMH account. This can be done by logging in, going to the bottom of the sidebar, and choosing Close Account. This states that it permanently deletes your data. Remains to be seen if this true.

boosacnoodle:

 

It’s easy to delete your MMH account. This can be done by logging in, going to the bottom of the sidebar, and choosing Close Account. This states that it permanently deletes your data. Remains to be seen if this true.

 

Next Tui Billboard

There seem to be three main concerns here:

 

1. Sensitive medical records out in the wild.
2. Risk of identity theft.
3. Risks associated with naive people re-using passwords.

It sounds like it's pretty much confirmed that (1) above has occurred. It's not clear whether we should be worried about (2) or (3) as I don't think there has been any confirmation that passwords, date of birth, or address details have been leaked? Thankfully it seems unlikely that the system held any identity documents. 

Bad start of the New Year (just reading it this morning). Do have a MMH account, but my GP actually uses a different system, so limited health info damage.

Still identity information like NHIs, DOB, full names, password used will likely be out there. So some vigilance required I suspect.
Perhaps that is the reason the ransom is only $60k, they have already sold it a couple of times :-( Really hope I'm wrong.

Wish the people involved in the response good luck and I hope the root cause is shared so we can all learn from it and increase the overall security.

Lightbulb:

 

Well...I've just changed my password (successfully)

 

At the same time I decided to set up 2FA - apparently successfully as the website says that 2FA is "Enabled"

 

Logged out and closed chrome browser and reopended browser and logged back in using new password - success, I'm in - but didn't have to put in 2FA codes

 

Tried on my Iphone - same thing.

 

Is 2FA working?? 

 

I did the same yesterday and came to the same conclusion - 2FA does not work!!! I think there were posts elsewhere stating the same.

Today I went to get rid of the 2FA which I think was under the Security tab, but as soon as I click on the Security tab I am logged out. Seems they have done things in the background, one wonders why. I've changed my PW yet again.

MartinGZ:

 

I did the same yesterday and came to the same conclusion - 2FA does not work!!! I think there were posts elsewhere stating the same.

 

Today I went to get rid of the 2FA which I think was under the Security tab, but as soon as I click on the Security tab I am logged out. Seems they have done things in the background, one wonders why. I've changed my PW yet again.

 

What 2FA method are they using, and where does one configure it?

I can't see any 2FA set up options, nor can I see a 'Security' tab.

At logon, I can either log on with my email address and password, or receive an OTP to my email address.

Is the OTP to my email address what they are using for 2FA?