Aardvark Daily

Please visit the sponsor!

More on the ManageMyHealth hack

Earlier this week I wrote about a couple of hacking incidents here in New Zealand which seem to have exposed the personal information of hundreds of thousands of Kiwis.

Both Neighbourly and ManageMyHealth were hacked with the offenders promising to dump potentially sensitive records onto the dark web unless a ransom was paid.

As I said before, "it's the putting right that counts" and in that regard we all had a damned good laugh when both organisations announced that they'd gone to the courts to prevent hackers from using the data they'd stolen.

I'd still be chuckling... it it wasn't for the fact that I may be one of those affected and the response from ManageMyHealth has been outrageously poor.

When I tried, I couldn't find a phone number with which to contact ManageMyHealth -- something that immediately rang alarm bells.

Clicking the "Get in touch" button on the Support page simply leads to an AI chatbot that serves little purpose except to frustrate and irritate anyone seeking to speak with a real person and get some answers.

On the About Us page there is another section labeled "Get in touch" but it simply has a street address and a very generic email address -- no phone number???

Clearly this is an organisation that is averse to actually dealing with the public even when things are ticking over smoothly.

However, despite the generic nature of the contact address, I did send them an email asking for clarification as to what the hell was going on, since shortly after the hack I received a couple of emails asking me to "activate" my account -- I hadn't requested that.

When the response came back it had a very interesting line in the header where it quoted my original email:

WTF? Why was my original email directed to India?

Obviously ManageMyHealth is outsourcing its support to a support centre in the Asian subcontinent but I an not at all happy that perhaps my medical records may be also darting around the world in order for this organisation to save a few bucks on customer "support".

The response I got was not an answer to the questions I'd raised but simply a generic "If your account has been affected, you will receive a direct notification" and "We are working as quickly as possible to complete this process, which involves coordination with Health NZ, the Privacy Commissioner, and other relevant organisations. This step is essential to ensure that notifications are accurate, complete, and compliant with regulatory requirements".

This, more than a week after the hack was first detected and seemingly only in response to my email to them.

In an era where the theft of personal medical data can expose the victims to all manner of cyber-threats, this slackness on the part of ManageMyHealth is totally unacceptable and I would expect that anyone thus affected should be in line for some significant compensation.

Will that happen?

I doubt it.

Clearly the company is far more concerned about profits (witness the outsourcing of support to India) than it is about protecting the interests of patients or compensating them for the damages done.

The company website does have an FAQ on the security breach but some of the answers to the most-asked questions are somewhat farcical. For instance:

Seriously... in an entire week they couldn't find the time to simply send out an email to all their customers advising of the situation and the steps that were being taken to sort things out?

Call me unimpressed.

Carpe Diem folks!

Please visit the sponsor!

Here is a PERMANENT link to this column

Rank This Aardvark Page

Change Font