Your Daily Ten@10 - 2026/002

This is edition 2026/002 of the Ten@10 newsletter.

Hi all,

Happy New Year.

This is the Ten@10, where I collate and summarise ten news items you generally won't see in the mainstream media.

Enjoy!

• 🧑‍⚕️ Contradiction Exposed: CEO Vino Ramayah called the doctor-patient relationship “sacrosanct” while admitting Manage My Health’s (MMH) basic security failure let hackers access 430,000 medical documents.
• 🏚️ House of Cards: The breach wasn’t random — it was built into a monopolistic, privately controlled system designed for profit, not protection.
• 👑 One-Man Empire: MMH is fully owned and controlled by Ramayah through Cereus Health Group, making him CEO, owner, and one of only two directors — a textbook case of concentrated power.
• 🧾 Tiny Team, Huge Responsibility: With just 21 staff, MMH handled records for 1.85 million New Zealanders — a staggering risk for such a small operation.
• 🏗️ Origins of Monopoly: MMH spun out of Medtech Global, a dominant GP software firm once run by Ramayah, giving him a built-in user base and market control.
• 🧱 Security Failures: Independent audits gave MMH a “D” grade for lapses like misconfigured email security, raising doubts about deeper vulnerabilities.
• 🔒 Zero Oversight: As a private company, MMH escapes the transparency and accountability that public health agencies face, fostering complacency.
• 💰 Perverse Incentives: With no competition or mandatory standards, investing in strong cybersecurity wasn’t in Ramayah’s financial interest.
• 🏥 Vendor Lock-In: GP clinics reliant on Medtech can’t easily switch providers, making MMH the default portal for millions of patients.
• 🧟‍♂️ Zombie Data Problem: Old or inactive accounts weren’t deleted, meaning even deceased patients’ records were exposed in the breach.
• ⚰️ Public Trust Lost: Health leaders say faith in digital health portals is shattered, calling MMH “sleepwalking” in complacency.
• 🌏 Offshore Weak Points: MMH’s development is largely outsourced to InLogic Technologies in Chennai, India — where Ramayah also holds directorship — creating potential foreign access to NZ patient data.
• 💳 Data Mix-Up: Leaked files reportedly included an InLogic credit card statement, hinting at sloppy separation between internal and patient data.
• 🚨 Jurisdiction Gaps: Indian contractors may have admin access to Kiwi medical data but sit outside New Zealand’s legal and privacy frameworks.
• 🧩 Outsourced Risk: Data might be stored locally, but control — and potential vulnerability — extends offshore.
• ⚖️ Privatised Profits, Socialised Risks: Ramayah’s lean model cut costs and maximised profit while taxpayers and patients bore the fallout.
• 🏛️ Regulatory Failure: Years of privatisation and weak oversight created a “high-trust” system ripe for abuse, with no mandatory cybersecurity standards.
• 🧨 Inevitable Collapse: This was not an accident but the logical outcome of monopoly capitalism meeting a hollowed-out regulatory state.
• 🩺 National Wake-Up Call: Entrusting millions of Kiwis’ medical data to a one-man monopoly has proven disastrous — and the true cost is only now emerging.