The Health Minister of New Zealand, Simeon Brown, has instructed the Acting Director-General of the Ministry of Health to establish a commission to thoroughly investigate a recent cybersecurity breach at ManageMyHealth, a prominent digital patient portal. This platform, which serves 1.8 million users, recently experienced a breach potentially affecting 6% to 7% of its customers. The breach was uncovered when hackers demanded US$ 60,000 via the Dark Web. Initial investigations suggest that patient demographic information, appointment histories, and communication logs may have been compromised, although there is no confirmation yet on whether clinical notes or full medical histories were accessed.
The incident has sparked concerns over the cybersecurity measures of private health technology providers, which manage significant amounts of sensitive data. In response, ManageMyHealth has taken steps to enhance its security protocols. The Health Minister emphasized the importance of protecting personal health data and outlined the objectives of the review, which include assessing the incident’s causes, evaluating existing data protection measures, and recommending improvements to prevent future breaches.
The government has convened an Incident Management Team to coordinate its response and is developing terms of reference for the review in collaboration with the Government Chief Digital Officer and the National Cyber Security Centre. ManageMyHealth has expressed regret over the breach and is working with cybersecurity experts to understand its full impact. The company has implemented additional security measures and pledged full cooperation with the review.
This breach is part of a series of cybersecurity incidents affecting New Zealand’s health sector, highlighting the need for strengthened national cybersecurity frameworks. The review is expected to contribute to discussions on mandatory standards and the role of central oversight in safeguarding digital health infrastructure.
