We are a managed service provider (msp).
01110100 01101000 01101001 01101110 01101011 00100000 0100100100101110 01010100 00101110

About

Resources

Managed IT Services and Support

Careers

Contact us

+

Book a consult — Book a consult —

ManageMyHealth Cyber Incident

05/03/2026

ManageMyHealth experienced a cyber incident late last year involving unauthorised access to its Health Documents section.

We are a managed service provider (msp).

In late December 2025, ManageMyHealth, New Zealand’s largest online patient portal, confirmed it had experienced a cyber security incident involving unauthorised access to a limited part of its platform.

The incident was identified on 30 December 2025. ManageMyHealth moved quickly to secure the platform, preserve evidence, and engage with independent cyber security and forensic specialists. Relevant authorities, including the Office of the Privacy Commissioner, New Zealand Police, and Health NZ, were notified.

Investigations confirmed the incident was contained and limited to documents stored in the “My Health Documents” section of the platform. There was no evidence that user login details were accessed, data was changed or destroyed, or that GP clinical systems, live medical records, prescriptions, secure messaging, or appointment booking systems were affected.

Based on public reports, approximately 6–7% of registered users may have had documents accessed. ManageMyHealth has been contacting affected users in phases, and most people have now been notified. Some users were initially contacted as a precaution and later confirmed as not impacted. Users can now log in to check their status directly.

ManageMyHealth has confirmed the affected feature remains secured. Independent verification work is ongoing, and regulatory reviews by the Ministry of Health and the Office of the Privacy Commissioner are underway.

Why this matters

This incident highlights a broader trend in cyber security incidents, where attackers increasingly exploit authorised access pathways rather than technical vulnerabilities alone. Even established platforms can be placed at risk when security controls are not consistently applied or when access to sensitive data is broader than necessary.

For healthcare organisations and patients alike, this highlights the importance of strong security controls, effective oversight, and clear communication, particularly when dealing with highly sensitive personal information.

Why Multi‑Factor Authentication (MFA) matters

Passwords alone aren’t always enough. MFA adds an extra layer of protection by requiring a second form of verification, such as a code or biometric check.

Even if passwords are compromised, MFA can significantly reduce the risk of unauthorised access.

ManageMyHealth has recommended that users:

  • Reset their passwords
  • Enable MFA (including biometric options where available)
  • Remain alert for unusual activity related to their health information

See our services

Managed ServicesMulti-factor Authentication (MFA) Mail ProtectionManaged Print ServicesSecurity Information and Event ManagementManaged Wi-FiDomain HostingPenetration TestingPassword Manager
EDR (Security) SolutionSecurity Education SolutionData ProtectionManaged FirewallDNS FilteringPhone SystemsWebsite HostingMedtech OptimisationMobile Device Management
© 2026 think i.t.
About Us
Managed IT Services and Support
Careers
Contact us
Resources
IT News
IT Case Studies
IT Blog
Facebook
LinkedIn
#
Privacy Policy
Terms & Conditions
We are a managed service provider (msp).
01110100 01101000 01101001 01101110 01101011 00100000 0100100100101110 01010100 00101110
CREATED BY 
THE WEB GUYS