ManageMyHealth Data Breach

Forums › Health and fitness › ManageMyHealth Data Breach

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 29

1274 posts

Uber Geek
+1 received by user: 858

#3448828 1-Jan-2026 22:05

Something I've been wondering about since this happened - why is ALL the data stored publicly-facing?

Let's say you get a test, you get the results and then you read them a day, a week, maybe a month later. This makes sense to me.

It also makes sense to me that the data is stored privately and securely in the GPs own practise in perpetuity.

But why was there ever a need to have records from some twenty, thirty, or even more, years ago available online?

Sure, most of it will be noise and of very little benefit. Maybe a broken finger from a childhood injury? But some, they will be much more serious - maybe a mental health breakdown or STI results from when your partner cheated on you?

What benefit does it bring for these records to be available? It just seems like a massive risk - especially now that this has happened.

wazzageek

1095 posts

Uber Geek
+1 received by user: 108

ID Verified

Trusted

Lifetime subscriber

#3448838 1-Jan-2026 22:49

boosacnoodle:

Something I've been wondering about since this happened - why is ALL the data stored publicly-facing?

Without knowing the details of the exploit, hard to answer this one. Was it a compromised server? Compromised API? Incorrectly secured backup? Data incorrectly copied to a test server? An internal job?

It also makes sense to me that the data is stored privately and securely in the GPs own practise in perpetuity.

perpetuity makes no sense to me - this is what data retention policies should clarify. Note I’m assuming we’re talking about digital records here.

But why was there ever a need to have records from some twenty, thirty, or even more, years ago available online?

Sure, most of it will be noise and of very little benefit. Maybe a broken finger from a childhood injury? But some, they will be much more serious - maybe a mental health breakdown or STI results from when your partner cheated on you?

What benefit does it bring for these records to be available? It just seems like a massive risk - especially now that this has happened.

The guise of convenience - it’s there for you, you don’t need to have a record yourself. And with online storage being so cheap, one doesn’t have to have complicated retention policies - just keep it all :-)

snj

305 posts

Ultimate Geek
+1 received by user: 221

#3448843 1-Jan-2026 23:42

boosacnoodle:

What benefit does it bring for these records to be available? It just seems like a massive risk - especially now that this has happened.

As we're finding out more and more with medicine, past conditions (even if minor) can often serve as indication of risk factors for other conditions. Of course, no always to a patient's benefit, if insurance sees a past broken finger (to take your example), and it's rebroken, maybe they'll use the past weakness as a reason to decline.

But certainly having historic clinic notes and prescription information is helpful, I had awful side effects to a drug once, not major enough to be noted other than swapping for something else, but still. When my current doctor over 10 years later wanted to prescribe something from the same class of drugs, I mentioned it (with timeframe) and he was able to track down which it was easily.

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 858

#3448882 2-Jan-2026 10:15

wazzageek:

It also makes sense to me that the data is stored privately and securely in the GPs own practise in perpetuity.

perpetuity makes no sense to me - this is what data retention policies should clarify. Note I’m assuming we’re talking about digital records here.

Almost all GPs will have digital records now - there's no getting away from that. However, most clinics (around 70%) use MedTech to store those records and that is generally operated locally. Some may operate in a cloud-esque environment, but this is usually via the local PHO and is securitised in some way so that general internet access is not generally allowed. None of this is required to be stored online on the general internet - where it can be breached - is more my point.

There are a variety of reasons why you would want to keep data in perpetuity. Childhood vaccines, for example, so when there is a measles outbreak you can check if you're vaccinated absolutely makes sense.

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 858

#3448884 2-Jan-2026 10:16

snj:

As we're finding out more and more with medicine, past conditions (even if minor) can often serve as indication of risk factors for other conditions. Of course, no always to a patient's benefit, if insurance sees a past broken finger (to take your example), and it's rebroken, maybe they'll use the past weakness as a reason to decline.

But certainly having historic clinic notes and prescription information is helpful, I had awful side effects to a drug once, not major enough to be noted other than swapping for something else, but still. When my current doctor over 10 years later wanted to prescribe something from the same class of drugs, I mentioned it (with timeframe) and he was able to track down which it was easily.

I'm agreeing with you. These records should be kept - but they probably shouldn't be generally available online decades after the fact.

Perhaps what is needed is the ability for the patient to choose - do I want just test results available online, or everything? Just the last 3 months or last 3 decades? For example. Right now, it's all or nothing.

Eva888

2762 posts

Uber Geek
+1 received by user: 2427

Lifetime subscriber

#3448889 2-Jan-2026 10:38

Under Privacy laws could one stipulate that medical records be destroyed except for say the past 2 years worth or whatever I wish and a copy of those old records given only to me? This is out of control and no longer between you and your doctor, when the entire team at a practice also has access and who knows how many others. The system needs a shake up.

When you take out insurance you sign to allow access to your records when you claim and I don’t think they should be able to go back as far as they please and to read assumptions made, often wrong which could skew their assessment of you.

Example I have a front page big red caution on mine that says Pre-diabetic. I am not diabetic nor ever was. In fact when my sugar results come in, there’s a note next to the number cautioning that if I am diabetic that reading is too low and to beware of hypoglycaemia. Yet am tarred with this silly diagnosis that I don’t want. We are also pre-death and pre-many afflictions.

This is future profiling that can bite you back hard. Genetic markers could show a predisposition to some obscure disease I may never get in future yet this would be recorded and used to profile you and it should be within everyone’s rights to censor their personal information.

I know of one such case in Australia already that has affected the persons ability to get travel insurance after they were deemed genetically predisposed to thrombosis but also told it may never happen in their lifetime. The way things are now I would flatly refuse any gene testing.

Dyson

Shop now for Dyson appliances (affiliate link).

freitasm

BDFL - Memuneh
80654 posts

Uber Geek
+1 received by user: 41048

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#3448891 2-Jan-2026 10:49

Eva888:

Example I have a front page big red caution on mine that says Pre-diabetic. I am not diabetic nor ever was. In fact when my sugar results come in, there’s a note next to the number cautioning that if I am diabetic that reading is too low and to beware of hypoglycaemia. Yet am tarred with this silly diagnosis that I don’t want. We are also pre-death and pre-many afflictions.

You have the right to review your records, request these to be deleted (with some exceptions) and have them updated/correct any time you see fit.

https://www.privacy.org.nz/your-rights/your-privacy-rights/

Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 858

#3448902 2-Jan-2026 11:38

The Health (Retention of Health Information) Regulations 1996 mandates retaining health data for a period of 10 years but is silent on when it should be deleted, as far as I can see.

geek3001

220 posts

Master Geek
+1 received by user: 331

ID Verified

Subscriber

#3448960 2-Jan-2026 12:17

boosacnoodle:

The Health (Retention of Health Information) Regulations 1996 mandates retaining health data for a period of 10 years but is silent on when it should be deleted, as far as I can see.

I recently had a medical issue that would benefit from obtaining medical records from a visit to a NZ public hospital twenty three years ago.

I followed the process to request my medical records, fully expecting to be told records aren't kept that long.

Much to my surprise, within just twenty four hours of placing the request, I had a large PDF file available for download. The specialist was equally surprised when I forwarded the records to them.

A similar request for familial family medical history purposes for my deceased parent's medical records made in my capacity as Executor, dating back fourteen years, was handled without issue. That resulted in over twelve hundred pages of scanned hospital notes - literally everything from multiple hospital visits.

Clearly our medical records are being kept for a lot longer than ten years, including after people die.

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3448972 2-Jan-2026 12:54

Being able to retrieve records doesn't necessarily mean an organisation is holding them. It's common practice for records to be archived after their retention period, then destroyed by the org that held them. Those records are then retrievable from Archives NZ in certain scenarios. I'm not saying all orgs do this correctly, whether private or public.

MichaelNZ

1594 posts

Uber Geek
+1 received by user: 485

Trusted

Net Trust Ltd

#3448977 2-Jan-2026 13:30

I received three unsolicited emails in 2024 and last year requesting me to signup to Manage My Health.

I did not proceed because I didn't trust Manage My Health, for precisely this sort of reason.

This is the entirety of their side of their "security" statement:

"We use Transport Layer Security (TLS 1.2) to secure communications between ManageMyHealth and you"

Manage My Health > Security

Wow, so what exactly is their security? Any standards? Any auditing? I assume they would have told us if there were. To top it off 90% of that page is dedicated to a irrelevant lecture of the patient and no surprises MMH have been found wanting.

In this situation there is no permission, no signup, and no contract between me and MMH.

However, I did not enquire into what information they had been given beyond my name and email address for the invite.

So I sent the GP centre a Privacy Act request to dig into exactly what information they have handed out.

I suggest others do the same and apply pressure on their clients, in this case the GP's. Because the problem here is their use of platforms like MMH is entirely a unilateral choice but when it goes to custard they get the deniability.

The patients are the ones who lose out here.

Unless the people making these choices have consequences they will continue to opt for shiny things. They are not IT people and anyone who agreed to a cloud platform (for information of this nature) based on the link above is way out of their depth.

WFH Linux Systems and Networks Engineer in the Internet industry | Specialising in Mikrotik | APNIC member | Open to job offers | ZL2NET

Mighty Ape

Shop now at Mighty Ape (affiliate link).

Beccara

1473 posts

Uber Geek
+1 received by user: 517

ID Verified

#3448987 2-Jan-2026 14:50

boosacnoodle:

wazzageek:

It also makes sense to me that the data is stored privately and securely in the GPs own practise in perpetuity.

perpetuity makes no sense to me - this is what data retention policies should clarify. Note I’m assuming we’re talking about digital records here.

However, most clinics (around 70%) use MedTech to store those records and that is generally operated locally. Some may operate in a cloud-esque environment, but this is usually via the local PHO and is securitised in some way so that general internet access is not generally allowed.

That is not the case and hasn't been for a while. Atleast half of GP's are in non-onprem deployment setup and practically no PHO is doing hosting, i'm not aware of any at this point in time. General internet access is allowed and arguable required for GP's to access all the resources they need

Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated

boosacnoodle

1274 posts

Uber Geek
+1 received by user: 858

#3448993 2-Jan-2026 15:05

Beccara:

That is not the case and hasn't been for a while. Atleast half of GP's are in non-onprem deployment setup and practically no PHO is doing hosting, i'm not aware of any at this point in time. General internet access is allowed and arguable required for GP's to access all the resources they need

Not sure where you are based but I can tell you this is not the case in Greater Canterbury at least.

Munrog

6 posts

Wannabe Geek
+1 received by user: 8

#3449065 2-Jan-2026 17:26

up until recently the vast majority of General Practices stored your data on servers dedicated to the clinic. These servers ranged in the level of maintenance and security they had. And in almost all cases access to the outside world was through a $200 “firewall” device.

effectively your data was not that secure. Think old servers operating in cupboards with backup devices (if there was one) usually in the same cupboard.

the introduction of cloud based PMS indici forced Medtech to make some technology changes including encrypting data at rest and trying to produce a product that could compete in the new cloud world. Unfortunately rather than move to web based product they remained on client server architecture (basically the initial release of the product, Evolution featured a move from Borland database to SQL server. The underlying code and the user interface barely changed)

As a result there was slow uptake of the new product. Instead practices stayed on the previous version of Medtech (medtech32) built in the late 1990s and released 1999/2000. It wasn’t until FEB 2025 that the last of the clinics on M32 finally moved to the newer evolution.

evolution was released around 2010 and offers clinic based or hosted options but remains client server in both deployment modes. If your clinic is using evolution they are on software coming up 16-17 years old. Think about that for a minute. How many other highly sensitive systems in private hands use software that old?

not much of this is relevant to the current breach except to say that ManageMyHealth only integrates with Medtech so it is only GPs using this platform that are impacted. Currently that is about 70% of the market. The remaining clinics are on indici or other PMS and if your clinic is one of those your data is not impacted.

sampler

468 posts

Ultimate Geek
+1 received by user: 126

ID Verified

Trusted

Lifetime subscriber

#3449067 2-Jan-2026 17:31

I was always under the impression medical records (at a GP level) are kept 10 years (and 1 day) after the last contact record with the patient.
PHO's would remove a person from their register (and thus need to re-enrole with their GP of choice) if there was no contact after 3 years.

As others have stated an "inactive" patient record it kept within the system until the 10 year time frame, at that point in time (and a while ago when I was dealing with Medtech) the "clean up" tool for 10 years was an over grown SQL statement but there was a way for the practice to archive the data too

boosacnoodle:

The Health (Retention of Health Information) Regulations 1996 mandates retaining health data for a period of 10 years but is silent on when it should be deleted, as far as I can see.

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | ... | 29