What happened?
- ManageMyHealth, New Zealand’s largest patient information portal with around 1.8 million registered users, detected unauthorised access to its New Zealand platform, confirming a cyber security incident affecting its systems.
Initial investigation indicates that approximately 6–7% of registered users — estimated at about 108,000 to 126,000 people — may have been affected by this breach.
- The attackers are believed to have accessed a large volume of files that could include personal and health‑related information such as names, contact details, medical records, lab results, prescriptions, and appointment information.
- Clinical systems used by public health authorities have been reported as unaffected.
Response and investigation
- The portal operator states that the breach has been contained, external cyber‑forensics experts have been engaged, and notification is being sent to affected users.
- The incident has been reported to law‑enforcement and data‑protection authorities.
Extortion and threat activity