New Zealand’s ManageMyHealth Patient Portal Data Breach: Cyber Attack on 1.8 Million Users

What happened?

• ManageMyHealth, New Zealand’s largest patient information portal with around 1.8 million registered users, detected unauthorised access to its New Zealand platform, confirming a cyber security incident affecting its systems.

Initial investigation indicates that approximately 6–7% of registered users — estimated at about 108,000 to 126,000 people — may have been affected by this breach.

Data at risk

• The attackers are believed to have accessed a large volume of files that could include personal and health‑related information such as names, contact details, medical records, lab results, prescriptions, and appointment information.​
• Clinical systems used by public health authorities have been reported as unaffected.

Response and investigation

• The portal operator states that the breach has been contained, external cyber‑forensics experts have been engaged, and notification is being sent to affected users.​
• The incident has been reported to law‑enforcement and data‑protection authorities.​

Extortion and threat activity

• A cybercrime group has claimed responsibility, saying it stole data from the portal and demanding a ransom of about 60,000 US dollars with a mid‑January deadline.​