×

Manage My Health Cyber Security Incident – What we know so far.

January 9, 2026

INFORMATION FROM MANAGE MY HEALTH UPDATE: dated 8 January

Breach containment

MMH understands and sincerely apologises for the pain and anxiety this criminal activity has caused to patients.
The MMH app consists of multiple modules. One of these contains data provided directly by a GP and is referred to within the app as “Health Records”. The app also includes a separate module called “My Health Documents”, which stores documents, including those uploaded by users.
MMH would like to clarify that the breach was limited to data stored in the “My Health Documents” module only. User data stored in the GP-provided “Health Records” module was not compromised as part of this incident.

Here’s a summary of the facts, to date:

The cyber incident was limited to 6-7% of our 1.8 million registered users, within the “My Health Documents” module only.
The data relates to a range of medical practices, including:

  • Approximately 45 Northland-based GP practices,
  • Clinical discharge summaries and historical clinical referral records in the Northland region (data that is between six and eight years old),
  • Approximately 355 “referral-originating” GP practices across a number of New Zealand regions,
  • Personal health information uploaded by patients.
Patient notifications
  • Direct notifications to the first 50% of patients affected commenced Thursday morning.
  • Notifications are being sent via email to the address patients used to register their account, and this communication will be personally addressed to the name associated with the account. A reminder that patients should keep an eye out for anything unusual – MMH will never ask for log-in credentials – and that we are intentionally redirecting MMH mobile app users to the MMH web application so that notification information is consistent across platforms.
  • These email notifications will include an 0800 number that impacted individuals can call for support and assistance should they require.
System security

MMH confirm: that we received independent confirmation from our cyber security specialists that the current system environment is secure and operating as intended.
MMH is an ISO 9001 and ISO 27001 certified organisation. We have quality assurance processes with regular testing of our systems.

High court order protecting patient data

MMH has sought further protection to prevent third parties from accessing any data based on injunction orders from the High Court. The order has been served to major media outlets. We have an international team monitoring known data leak websites and are prepared to issue takedown notices immediately if any information is posted.

As a precaution, patients are encouraged to change their passwords and use multi-factor authentication, especially if they reuse passwords across other services.

NOTE FROM THE PRACTICE

Affected patients are welcome to book in for a free 30-minute consultation with our Health Improvement Practitioner who can support you. If you have been affected, please call us on 03 477 7583 to book an appointment with the HIP.
We encourage you to continue to use the portal as per normal but as a precaution, but we suggest that you change your password and use multi-factor authentication, especially if you reuse passwords across other services.

IMPORTANT LINKS

Patients contact: info@managemyhealth.co.nz
FAQs: FAQs -cyber-breach

Copyright ©2017 all rights reserved
Designed by Plethora Themes