What led to the ManageMyHealth cybersecurity breach?

Auckland, January 5, 2026 – Health Minister Simeon Brown has instructed the Acting Director-General of the Ministry of Health to initiate a comprehensive review of the cybersecurity breach at ManageMyHealth, New Zealand’s leading digital patient portal. This platform provides users with access to their health records, medications, and more. The breach potentially impacted 6% to 7% of the company’s 1.8 million customers, with hackers demanding US$ 60,000 through the Dark Web. ManageMyHealth promptly informed the National Cyber Security Centre and the Ministry of Health, reaching out to General Practices and issuing public alerts about the potential data exposure. Initial investigations suggest that patient demographic information, appointment histories, and communication logs might have been accessed, though there is no confirmation yet regarding clinical notes or full medical histories. This incident has sparked concerns about the cybersecurity resilience of private health technology providers, especially those managing vast amounts of sensitive public health data. ManageMyHealth’s Executive Chairman, Vino Ramayah, has implemented measures to bolster the platform’s security. Minister Brown emphasized the importance of protecting patient data, whether held by public or private entities, and outlined the review’s objectives: assessing the incident’s causes, evaluating existing data protections, and recommending improvements. The review should commence by January 30, 2026, and will involve collaboration with the Government Chief Digital Officer and the National Cyber Security Centre. Health New Zealand confirmed its systems remain unaffected and is working with primary care providers to assess the impact on patients. ManageMyHealth has expressed regret over the breach and is cooperating fully with the government review, enhancing security measures, and reviewing third-party integrations. This incident is part of a series of cybersecurity breaches affecting New Zealand’s health sector, highlighting the need for stronger national cybersecurity frameworks and consistent standards across the board.