Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsHealth and fitnessManageMyHealth Data Breach
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | ... | 29
Munrog
6 posts

Wannabe Geek
+1 received by user: 8


  #3449068 2-Jan-2026 17:33
Send private message quote this post

boosacnoodle:

 

Beccara:

 

That is not the case and hasn't been for a while. Atleast half of GP's are in non-onprem deployment setup and practically no PHO is doing hosting, i'm not aware of any at this point in time. General internet access is allowed and arguable required for GP's to access all the resources they need

 

 

Not sure where you are based but I can tell you this is not the case in Greater Canterbury at least. 

 

 

 

 

the only other region I can think of where PHO is involved in hosting/maintaining PMS would be Southland. Not sure they do but it’s possible. Most clinics now use TMG Cloudland or similar providers if they are on Medtech. Certainly the “vast majority “ are not using PHO hosting. In fact in most cases PHOs have very little to do with clinic PMS apart from requiring large amount of reporting data in response to funding the clinics through the capitation payment. 



boosacnoodle
1274 posts

Uber Geek
+1 received by user: 858


  #3449071 2-Jan-2026 17:49
Send private message quote this post

White Cross / Tamaki Health is stating on their website that they have been advised by MMH that none of their patients data was impacted. It is not yet clear how that might be possible. Perhaps only some GPs enabled a certain kind of information sharing?

 

The statement shared by MMH at 3 PM today is a bit of a joke and does not state anything that we did not already know.

 

How can they state that the breach is contained when they're still in the investigative phase?

dafman
4054 posts

Uber Geek
+1 received by user: 2652

Trusted

  #3449079 2-Jan-2026 18:09
Send private message quote this post

Hot on the hells of MMH, Neighbourly reporting possible data breaches.



Linux
12182 posts

Uber Geek
+1 received by user: 8476

Trusted
Lifetime subscriber

  #3449080 2-Jan-2026 18:12
Send private message quote this post

dafman:

 

Hot on the hells of MMH, Neighbourly reporting possible data breaches.

 

 

Thread already on Neighbourly

gzt

gzt
18684 posts

Uber Geek
+1 received by user: 7824

Lifetime subscriber

  #3449093 2-Jan-2026 20:17
Send private message quote this post

If your clinic is using evolution they are on software coming up 16-17 years old. Think about that for a minute. How many other highly sensitive systems in private hands use software that old?

Windows Server 2012 is still supported so probably quite a few ; )

Dratsab
3964 posts

Uber Geek
+1 received by user: 1728

Trusted
Lifetime subscriber

  #3449104 2-Jan-2026 22:22
Send private message quote this post

farcus:

 

geek3001: I can't see any 2FA set up options, nor can I see a 'Security' tab.

 

click on your "profile" and it is there.
However, as already mentioned, it has been disabled and now just logs you out.

 

They did support Google and Microsoft 2fa apps only if I remember correctly. I don't use it as I use "authy" and didn't want another app just for this.

 

I use Bitwarden and just clicked the 'Continue' button under the Google Authenticator app. Bitwarden works just fine.

HP

 
 
 
 

Shop now for HP laptops and other devices (affiliate link).
NinjaFromNZ
7 posts

Wannabe Geek
+1 received by user: 5


  #3449132 3-Jan-2026 09:34
Send private message quote this post

Lightbulb:

 

Well...I've just changed my password (successfully)

 

At the same time I decided to set up 2FA - apparently successfully as the website says that 2FA is "Enabled"

 

Logged out and closed chrome browser and reopended browser and logged back in using new password - success, I'm in - but didn't have to put in 2FA codes

 

Tried on my Iphone - same thing.

 

Is 2FA working?? 

 

 

 

 

Yes, it appears to be. I set it up yesterday and tried to log in this morning. Was challenged for the MFA code and rejected when I typed in a random number, but accepted when I used the correct OTP

 

 

 

 

 

 

There is the option to remember the browser for 90 days offered in the next screen. You might need to clear cookies in case you have a cookie MMH thinks is their’s

Beccara
1473 posts

Uber Geek
+1 received by user: 517

ID Verified

  #3449140 3-Jan-2026 10:29
Send private message quote this post

Munrog:

 

boosacnoodle:

 

Beccara:

 

That is not the case and hasn't been for a while. Atleast half of GP's are in non-onprem deployment setup and practically no PHO is doing hosting, i'm not aware of any at this point in time. General internet access is allowed and arguable required for GP's to access all the resources they need

 

 

Not sure where you are based but I can tell you this is not the case in Greater Canterbury at least. 

 

 

 

 

the only other region I can think of where PHO is involved in hosting/maintaining PMS would be Southland. Not sure they do but it’s possible. Most clinics now use TMG Cloudland or similar providers if they are on Medtech. Certainly the “vast majority “ are not using PHO hosting. In fact in most cases PHOs have very little to do with clinic PMS apart from requiring large amount of reporting data in response to funding the clinics through the capitation payment. 

 

 

 

 

Yeah, Pegasus have been in and out of IT over the years but never hosted the PMS, Southland did something but even then I'm pretty sure they were just dealing with a hosting company in the background rather than doing it in house. Pinnacle in the Waikato also spun up an IT company years ago. Medtech themselves also offer cloud hosting of their product.




Most problems are the result of previous solutions...

All comment's I make are my own personal opinion and do not in any way, shape or form reflect the views of current or former employers unless specifically stated 

farcus
1626 posts

Uber Geek
+1 received by user: 437


  #3449160 3-Jan-2026 12:47
Send private message quote this post

Dratsab:

 

I use Bitwarden and just clicked the 'Continue' button under the Google Authenticator app. Bitwarden works just fine.

 

 

Look at that . . . I went through and set up 2fa with Authy and it works just fine

dafman
4054 posts

Uber Geek
+1 received by user: 2652

Trusted

  #3449334 3-Jan-2026 17:59
Send private message quote this post

Although my medical centre moved to Centrix a while back, I have checked and my historical data is still on MMH.

 

So, what are the risks if my data is included in the breach?

 

My records could be published on the dark web (some has already). But if it is, my friends, family or people who know me are unlikely to stumble across it, so personal risk is low.

 

Identity theft. No passport or drivers licence or similar on the site, so risk not great?

 

What have I missed?

dfnt
1553 posts

Uber Geek
+1 received by user: 1036

Trusted
Lifetime subscriber

  #3449339 3-Jan-2026 19:01
Send private message quote this post

Saw this quote on the stuff article: “Manage My Health cannot be held liable in any way for events beyond our control or in any way for accidental or unauthorised access of your information.”

 

I'm sorry, what? How do they think they can escape liability for this..




Quic referral link https://account.quic.nz/refer/276294 free setup code R276294EBWOBK

 
 
 
 

Shop now for Lego sets and other gifts (affiliate link).
RunningMan
9186 posts

Uber Geek
+1 received by user: 4840


  #3449341 3-Jan-2026 19:19
Send private message quote this post

dfnt:

 

 “Manage My Health cannot be held liable in any way for events beyond our control or in any way for accidental or unauthorised access of your information.”

 

 

So if the fix is within their control, why was the original problem not within their control? Presumably misconfiguration somewhere.

lxsw20
3689 posts

Uber Geek
+1 received by user: 2174

Subscriber

  #3449343 3-Jan-2026 19:34
Send private message quote this post

It was mentioned on the news tonight that MMH are going to take legal action - who against? The hacker? (Assumed) outsourced dev house? The damage is done, what is legal action going to do for every ones breached data? zero. 

sleemanj
1514 posts

Uber Geek
+1 received by user: 315


  #3449344 3-Jan-2026 19:51
Send private message quote this post

lxsw20:

 

It was mentioned on the news tonight that MMH are going to take legal action - who against? 

 

"Legal action" probably means sending a letter to media outlets telling them not to publish anything or something.




---
James Sleeman
I sell lots of stuff for electronic enthusiasts...

networkn
Networkn
32864 posts

Uber Geek
+1 received by user: 15455

ID Verified
Trusted
Lifetime subscriber

  #3449345 3-Jan-2026 20:10
Send private message quote this post

dafman:

 

Although my medical centre moved to Centrix a while back, I have checked and my historical data is still on MMH.

 

So, what are the risks if my data is included in the breach?

 

My records could be published on the dark web (some has already). But if it is, my friends, family or people who know me are unlikely to stumble across it, so personal risk is low.

 

Identity theft. No passport or drivers licence or similar on the site, so risk not great?

 

What have I missed?

 

 

The information will be bought by someone who will try and extort you directly with releasing the records. You probably wouldn't pay, I wouldn't either, but for some, this type of information is closely guarded.

 

I have seen people extorted directly with sending personal information to their employer, etc etc. 

 

Unfortunately, this is the sort of thing AI is very good at, sorting through information, finding sensitive information, and putting it into a format which can be used at scale. 

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | ... | 29
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.








RSS feeds
Main feed
Forums feed
Copyright
©2002-2026 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright