Cyber Breach at ManageMyHealth — A Wake-Up Call for Patient Data Security

A serious cyber security breach at ManageMyHealth, one of Aotearoa’s biggest online health record systems, has raised alarm bells about the safety of patient data and the risks ordinary people now face from identity theft and extortion.

ManageMyHealth is the digital portal many New Zealanders use to view their medical records, book appointments, see test results and manage prescriptions. But late last month, hackers claiming to be from the group “Kazu” posted messages online saying they had gained access to a large number of patient files – and were demanding a ransom.

ManageMyHealth confirmed that it identified unauthorised access on its systems. Initial estimates suggest that somewhere between 6 and 7 percent of its roughly 1.8 million users may have been affected – that’s tens of thousands of people. Are you affected? email us at [email protected] 

Although the company says it has engaged forensic experts and is working with authorities to secure its systems and understand the exact scope of what was accessed, there is still uncertainty about exactly what data was taken.

It’s not just phone numbers and email addresses that are at risk. Cyber security experts are warning that the types of information in these files – names, dates of birth, medical histories, test results and personal notes – could be used for identity theft or even personal extortion.

Identity fraud doesn’t just mean someone opening a credit card in your name. It can also mean scammers impersonating you to access services, convince others you are someone you’re not, or even to leverage sensitive health details for blackmail. Experts are treating this as a very real threat.

Health Minister Simeon Brown has described the breach as “deeply serious” and says Health New Zealand and the Office of the Privacy Commissioner are working with ManageMyHealth to ensure patient privacy is protected.

Officials have stressed that, at this stage, there is no evidence that the core systems used by Health New Zealand – including its My Health Account service – have been breached, because those systems are separate.

That’s an important distinction – but it doesn’t change the fact that personal health data is now potentially in the hands of criminals.

One of the biggest frustrations for patients and doctors alike has been how slowly information has come out.

Some GP clinics say they first heard about the breach through media reports, rather than direct communication from ManageMyHealth – months after the incident occurred. That has left both patients and practitioners scrambling for information and reassurance.

Cyber security experts have also questioned how the breach was handled and how long unauthorised access went undetected.

This isn’t an isolated incident in Aotearoa. The health sector has struggled with serious data risks in the past. A major ransomware attack on the Waikato District Health Board in 2021 crippled hospital computer systems and exposed patient data, and highlighted how vulnerable legacy systems can be to attack.

Now, with more health data moving online so patients and doctors can access information quickly, the pressure is on to ensure the digital infrastructure entrusted with that data is secure.

What Patients Should Do Now

If you are registered with ManageMyHealth and think you might be affected:

• Be alert to phishing emails or calls – scammers often use stolen personal data to craft convincing fraud attempts.

• Change your portal password as a precaution.

• Enable two-factor authentication if available.

• Monitor your financial accounts and credit reports for unusual activity.

Even if you haven’t been contacted yet, it’s a good idea to be vigilant about what information is shared online – especially when it relates to health.

This breach is a stark reminder that digital convenience must be matched with robust security, and that protecting personal data – especially health information – must be a top priority for providers and regulators alike.

RELATED NEWS

Decades long service recognised by the King: Dover Samuels Guide Kaiārahi to return “Mean-spirited” Law Changes Threaten Māori Customary Marine Rights