ManageMyHealth Data Breach

Forums › Health and fitness › ManageMyHealth Data Breach

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | ... | 29

1201 posts

Uber Geek
+1 received by user: 402

Lifetime subscriber

#3449346 3-Jan-2026 20:10

dfnt:

Saw this quote on the stuff article: “Manage My Health cannot be held liable in any way for events beyond our control or in any way for accidental or unauthorised access of your information.”

I'm sorry, what? How do they think they can escape liability for this..

This was Stuff quoting a section of their Ts and Cs, not a quote from MMH.

As pointed out, if the issue is with the setup or app then it is within their control and this will not apply

Clint

zenourn

281 posts

Ultimate Geek
+1 received by user: 168

ID Verified

Trusted

#3449536 4-Jan-2026 10:17

As someone who is responsible for looking after sensitive medical data I’m extremely disappointed by the system’s they had in place and how they have responded. Making claims that it is contained is also rather misleading:

MikeB4

MikeB4
18775 posts

Uber Geek
+1 received by user: 12766

ID Verified

Trusted

Subscriber

#3449538 4-Jan-2026 10:29

My concern is if prescribed medication and addresses are published is I could put my security at risk. I am prescribed some medication that would be in demand on the black market.

Here is a crazy notion, lets give peace a chance.

gehenna

8667 posts

Uber Geek
+1 received by user: 3883

Moderator

Trusted

Lifetime subscriber

#3449540 4-Jan-2026 10:34

zenourn:

As someone who is responsible for looking after sensitive medical data I’m extremely disappointed by the system’s they had in place and how they have responded. Making claims that it is contained is also rather misleading:

Where is this from?

zenourn

281 posts

Ultimate Geek
+1 received by user: 168

ID Verified

Trusted

#3449543 4-Jan-2026 10:39

gehenna:

Where is this from?

From their Telegram account where they posted details of the initial breach.

muppet

2644 posts

Uber Geek
+1 received by user: 1660

Trusted

#3449591 4-Jan-2026 13:06

I wish they'd hurry up and release the breach.

I want to know my blood tests results but I can't remember my login.

Samsung

Shop now on Samsung phones, tablets, TVs and more (affiliate link).

boosacnoodle

1275 posts

Uber Geek
+1 received by user: 859

#3449594 4-Jan-2026 13:13

I can confirm that passport details were included in the breach.

The earlier claim that Pegasus does not provide managed IT services (including hosted MedTech) appears to be incorrect also having confirmed with some people who work in that sector.

Still haven’t received the supposed 48 hours later comms directly from MMH. What on earth is going on?

geek3001

220 posts

Master Geek
+1 received by user: 331

ID Verified

Subscriber

#3449597 4-Jan-2026 13:31

boosacnoodle:

Still haven’t received the supposed 48 hours later comms directly from MMH. What on earth is going on?

In their update https://managemyhealth.co.nz/manage-my-health-update-on-cyber-security-incident-1jan2026/ they say:

"... we expect to start notifying those affected within the next 48 hours."

If they are notifying those affected, are we to assume that if we don't hear from them, then our details were not included in the breach?

I don't like making assumptions with something as potentially important as this.

I would prefer that they notify ALL users, even if that's 1.8 million emails needing to be sent (based upon the registered user count), and tell each user in plain terms whether their details were included in the breach or not.

Yesterday's update ends by saying "Manage My Health will provide a further update as soon as new information is available". That could be hours, days or the week after next.

geek3001

220 posts

Master Geek
+1 received by user: 331

ID Verified

Subscriber

#3449603 4-Jan-2026 13:53

boosacnoodle:

I can confirm that passport details were included in the breach.

@boosacnoodle are you able to clarify this point please?

I have no recollection of having to provide my passport details to MMH as proof of ID when I had my account created in 2019, or at any time since.

I may have provided passport details to my GP/ PHO in the past as part of proof of ID checking but I can't be sure.

Are you suggesting that passport info collected by a GP / PHO may have been provided to MMH and leaked?

gzt

18684 posts

Uber Geek
+1 received by user: 7826

Lifetime subscriber

#3449604 4-Jan-2026 13:57

It's unclear to me if the attackers have released only 6% of the records to show they have the data and will release more when the ransom is inevitably not paid. Ie; Is MMH's current 6% assessment based on actually logged data egress or similar? or based only on an examination of the records made available.

gzt

18684 posts

Uber Geek
+1 received by user: 7826

Lifetime subscriber

#3449605 4-Jan-2026 14:01

I have no recollection of having to provide my passport details to MMH as proof of ID when I had my account created in 2019, or at any time since.

I suspect that info is only provided by non-residents or in specific declarations like travel medical certs require it.

Dell

Shop now for Dell laptops and other devices (affiliate link).

notesgnome

130 posts

Master Geek
+1 received by user: 91

ID Verified

Lifetime subscriber

#3449607 4-Jan-2026 14:14

A good comprehensive summary here

https://utf9k.net/blog/managemyhealth-data-breach-recap/

If they're a GZ member, well done.

alasta

6890 posts

Uber Geek
+1 received by user: 3364

Trusted

Subscriber

#3449608 4-Jan-2026 14:15

geek3001:

I have no recollection of having to provide my passport details to MMH as proof of ID when I had my account created in 2019, or at any time since.

I may have provided passport details to my GP/ PHO in the past as part of proof of ID checking but I can't be sure.

Are you suggesting that passport info collected by a GP / PHO may have been provided to MMH and leaked?

I signed up for a new GP a year ago due to my previous GP closing their clinic. The new clinic wanted to take a copy of my passport which I was very reluctant to agree to, but unfortunately they insisted that they would not sign me up without it.

It is unclear whether a copy of my passport has ended up on MMH, but I can't find any such documents when I log into MMH.

As an aside, a friend of mine is in the process of applying for a job and has been asked to electronically submit a copy of her passport as part of the application process. This raises serious questions around whether it should be socially acceptable for businesses to make copies of documents like this, given the prevalence of data security breaches.

saf

221 posts

Master Geek
+1 received by user: 533

ID Verified

Trusted

Vetta Group

Subscriber

#3449613 4-Jan-2026 14:56

My views are as unique as a unicorn riding a unicycle. They do not reflect the opinions of my employer, my cat, or the sentient coffee machine in the break room.

geek3001

220 posts

Master Geek
+1 received by user: 331

ID Verified

Subscriber

#3449616 4-Jan-2026 15:06

This opinion is an interesting read, if the content is correct, particularly if the observations about the potential for easy MMH email spoofing and targeting of victims is correct.

https://blackveil.co.nz/blog/managemyhealth-breach-analysis-2025

1 | ... | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | ... | 29