KFC App Declared More Secure Than Manage My Health Portal

Concerns surrounding digital health security have intensified following recent breaches affecting patient data portals. In a striking comparison, IT expert Callum McMenamin stated that the KFC app is “more secure” than the widely used Manage My Health portal, which has been under scrutiny after hackers accessed the personal information of approximately 120,000 users. This revelation comes on the heels of a series of security failures, including a breach at oncology provider Canopy Health, which went unreported for several months after the incident occurred in mid-2025.

Nearly 2 million individuals are registered with Manage My Health, primarily through general practitioner (GP) practices. The alarming nature of these breaches has prompted calls for stricter regulations on digital health providers. McMenamin, a web standards consultant with experience in government security, criticized the lack of oversight in ensuring that private companies comply with established digital security frameworks.

Call for Enhanced Security Standards

“The big problem is that no one in the government is checking if these private companies are adhering to digital security standards,” McMenamin explained. He referred to the existing health information security framework, which outlines required standards but lacks enforcement measures. “There should be an enforceable standard for providers, who should be penalized if they fail to meet it. Otherwise, people will lose trust in the digital health system.”

He suggested that private companies might need to be barred from supplying digital health systems unless they can demonstrate adequate security measures. Fines or immediate corrective actions should be implemented if security issues arise. Whether government-provided services are inherently more secure depends on the specific security measures in place, according to McMenamin.

“What it really comes down to is standards—technical standards and how well they are monitored and enforced,” he said. “If those standards are properly implemented and of high quality, private companies can be very secure.”

Two-Factor Authentication: A Necessity

One major point of concern raised by McMenamin involves the absence of multi-factor authentication on Manage My Health. He noted that the platform’s chief executive indicated that hackers accessed the system using valid user passwords. “Multi-factor authentication really needs to be mandatory across all accounts for it to be properly effective,” he stated.

In a notable contrast, McMenamin highlighted that the KFC app employs mandatory two-factor authentication for its users. “For some reason, Colonel Sanders seems to be more secure than our digital health providers,” he remarked. He emphasized that two-factor authentication is now standard practice among many online services, including social media platforms and major tech companies.

The health sector, he warned, presents particularly appealing targets for hackers due to the sensitive nature of the data involved. “Many health organizations have very poor IT security controls in place, making them easy targets,” McMenamin said. “They’re just sitting ducks.”

As concerns about digital health security rise, RNZ has reached out to Health NZ and Manage My Health for comments regarding these significant claims. The ongoing discussions underscore the urgent need for enhanced security protocols and regulatory frameworks to protect sensitive patient data from cyber threats.