AOTEAOROA faces growing concern after health portal, ManageMyHealth, confirmed a significant cyber data breach affecting potentially up to 126,000 users – raising serious questions about the security of personal health information and the future of digital health services.

ManageMyHealth is a widely used online platform that allows patients to access their medical records, book appointments, see test results, manage prescriptions, and communicate securely with clinicians. The service is trusted by over 1.8 million Kiwis and is deeply integrated with GP practices and health clinics across the country, making it a key part of how whānau manage everyday health needs.

In late 2025, ManageMyHealth identified unauthorised access to its systems, which was later confirmed to be a cyber breach of the portal. The company says the incident has been contained and the security systems are being strengthened, but the breach could affect between 108,000 and 126,000 users-around 6–7 percent of all registered accounts. Users began being informed about their potential involvement soon after the incident was detected.

ManageMyHealth has notified relevant authorities, including the Privacy Commissioner, Police, and the Ministry of Health, and is working with independent forensic cybersecurity experts to understand the full scope of the breach and secure its systems.

While ManageMyHealth and early reports have not fully confirmed the exact details of what data was accessed, users’ health records stored on the platform could contain a range of sensitive personal information – including medical diagnoses, prescriptions, appointments, and potentially contact details. In health systems internationally, such data is considered among the most sensitive because it can impact everything from personal privacy to insurance and employment risk if misused.

ManageMyHealth’s FAQs about the breach state that the organisation takes its privacy obligations seriously, and that the investigation is ongoing – including identifying specifically which users have been affected and how. Users are being guided on best practices for protecting themselves online while further details are confirmed.

For many whānau, digital health services like ManageMyHealth are more than convenience – they are a vital link to care. Being able to view health records, manage prescriptions, or connect with a GP online has greatly improved access for people in rural and urban communities alike. A breach of this nature does not just risk confidential information, it can erode trust in digital health systems that so many depend on every day.

There is no evidence that the breach has affected the delivery of health services or the clinical quality of care people receive. However, the fact that personal information may have been accessed continues to cause anxiety and concern among users.

This is not the first time health IT systems in Aotearoa have been targeted or exposed. Earlier incidents involving Health NZ (Te Whatu Ora) systems have shown how vulnerable health data infrastructure can be when not fully protected – including unauthorised access to staff health records in 2024, which was described as resulting from weaknesses in cybersecurity and staffing resources.

Those earlier breaches prompted calls from unions and privacy advocates to reverse cuts to IT and data security roles within the health system, warning that reduced investment would increase the risk of future breaches.

As digital systems become increasingly central to everyday healthcare – from patient portals to telehealth services – ensuring robust, well-resourced cybersecurity protections is now a public health priority.

If you use ManageMyHealth:

• Watch for direct notification from ManageMyHealth if you’re affected.

• Change passwords regularly and use strong, unique logins.

• Consider two-factor authentication if offered.

• Be vigilant for phishing messages or suspicious contact claiming to be from health services or the portal.

The Office of the Privacy Commissioner and police are investigating this breach, and affected individuals have strong rights under New Zealand’s privacy laws to seek clarity and protection around their personal information.

This breach highlights that in an increasingly digital world, health data privacy is not just an IT problem – it’s a community issue touching people’s sense of security, dignity and control over their own lives.

For Radio Waatea listeners, especially those who depend on online healthcare tools every day, the message is clear: stay informed, stay safe online, and demand strong protections for your data and your rights as patients and whānau.

Check out https://managemyhealth.co.nz/faqs-cyber-breach/