this post was submitted on 24 Feb 2026

38 points (97.5% liked)

Aotearoa / New Zealand

2120 readers

64 users here now

Kia ora and welcome to !newzealand, a place to share and discuss anything about Aotearoa in general

For politics , please use !politics@lemmy.nz
Shitposts, circlejerks, memes, and non-NZ topics belong in !offtopic@lemmy.nz
If you need help using Lemmy.nz, go to !support@lemmy.nz
NZ regional and special interest communities

Rules:

Don't be a dick

FAQ ~ NZ Community List ~ Join Matrix chatroom

Banner image by Bernard Spragg

Got an idea for next month's banner?

founded 2 years ago

MODERATORS

RaoulDuke@lemmy.nz

38

Another fucking health app hack (www.rnz.co.nz)

submitted 7 hours ago by phtheven@lemmy.world to c/newzealand@lemmy.nz

9 comments fedilink hide all child comments

The Privacy Commissioners Office has been calling for proper fines for data breaches for YEARS.

Not a single muppet in the beehive has even given it a thought, from what i can tell.

The current maximum penalty is $10000.

Australia has their maximum penalty set to $50 million.

you are viewing a single comment's thread
view the rest of the comments

[–] FiniteBanjo@feddit.online 2 points 7 hours ago (4 children)

I'm in this weird position where I've never been a part of a Data Breach in part because I don't install or use any unnecessary Apps. I don't use them. Apps are not secure and that adds insecurity to entire devices.

It would take an equifax level data breach to release my information.

[–] Fizz@lemmy.nz 3 points 2 hours ago

How have you never been part of a data breach? Have you never signed up to a website? They are getting breached left right and center

[–] andronicus@lemmy.world 3 points 5 hours ago (1 children)

That is certainly a take, but an app is just one attack surface for interacting with a service, and is not inherently secure or insecure; who you trust with your data is the far more relevant part here.

And that also doesn't matter when you are forced to interact with a government service or essential utilities provider who then subsequently puts your data into the hands of the same high profit, low value shitware companies that have these agencies/organisations locked-in. What are you going to do then? Move to the woods?

No, it won't stop until there is real accountability with teeth. Punish these fuckers for their incompetence with actual jail time for directors, otherwise fines are just the cost of doing business.

[–] FiniteBanjo@feddit.online 0 points 5 hours ago* (last edited 4 hours ago)

In the majority of cases the Apps are built or mainained by third parties who now additionally have access to your personal information, such was the case with a recent Railway travel app in Europe that revealed customers info and even Passport copies.

That is, among other things, why it is inherently a vulnerability.

In my area government services, medical processing, and utility companies can be managed either via website, phone, or in person. There has been a push lately for apps but I never sign off on any such disclosures and never use such apps. I would sue long before I considered it.

You comment reeks of nihilistic defeatism.

[–] phtheven@lemmy.world 5 points 6 hours ago (1 children)

Yeah mate i think it's fairly likely that many of us on here don't go around installing bullshit apps. I haven't been affected either.

The previous hack (manage my health) was not an app that people installed on their phones, it was a health management portal that patients were signed up to when they enrolled to clinics and practices that made use of that platform. These health providers used this as a database to store the medical information for all their patients. Molemaps, xrays, doctors notes, everything was uploaded, not by patients, but by their medical care providers.

If you're enrolled at a gp it's likely that your data is sitting in a similar system. MyIndici is an example I'm aware of, although it hasn't been hacked to my knowledge.

The concern doesn't stop with health apps either. Any third party data portal/platform is theoretically at risk, and kiwi companies love outsourcing risk to these private corps. Imagine the fallout from a RealMe hack, for example? It's no less likely at this point, and because of the lackluster regulation around these data platforms, they have no real incentive to beef up security. That's the issue here.

[–] FiniteBanjo@feddit.online 0 points 6 hours ago* (last edited 6 hours ago) (1 children)

I think it's worth pointing out that the vast majority of the public lack the basic ability to protect themselves from vulnerabilities and are apathetic to the dangers of the act of installing random apps to personal devices, even those associated with legitimate institutions and services.

As for potential solutions, obviously legislative solutions are the way to go and would take much of the pressure off of citizens.

[–] phtheven@lemmy.world 1 points 23 minutes ago

When the post is making the case for stronger legislation, and you respond by bringing up the individual responsibility of those affected, it certainly gives the impression that you are arguing against regulation and shifting the blame toward the personal failings of the victims.

Most of the people affected in this hack appear to be the elderly and disabled. Many of them do lack the ability to protect themselves, not through apathy or ignorance, but because they are some of the most vulnerable people in our society. I think it's important to approach these issues with compassion and understanding, rather than getting on your high horse and preaching to the choir.

[–] FistingEnthusiast@lemmy.world 3 points 7 hours ago

Good for you.

Meanwhile, plenty of people have been affected

Do you feel better about contributing nothing?