Seek My Health

Health Marketplace

Beating the Blues

Manage My Health has published an update regarding the cyber security incident identified on 30 December 2025. Read the full notice here.

Support
Sign in
Sign in

MMH Privacy breach public notice 

MMH

Privacy breach public notice

On 30 December 2025, Manage My Health identified a cyber security incident involving  unauthorised  access to a specific feature of the platform in New Zealand.

We sincerely apologise to anyone affected. 

As soon as this incident was detected, we took immediate steps to mobilise a response team to ensure the security and integrity of our systems.  We want to assure you that the incident has been contained, and we have strengthened our systems to help prevent it from happening again. 

Early in the incident, the third party put a small number of documents online, but they were quickly removed.  We continue to monitor our systems closely and will update this page promptly if this changes. 

We obtained an interim High Court injunction to prevent further access to, misuse of, or reporting on the stolen data by other parties. While this cannot prevent unlawful actions by criminal actors, it does limit the ability of others (such as media organisations) to access or disseminate the material. We also engaged with New Zealand Police on this matter. 

Manage My Health is carrying out its own investigation and has notified the relevant government agencies and law enforcement bodies, including the Office of the Privacy Commissioner (OPC), Health New Zealand (HNZ), and the National Cyber Security Centre (NCSC). This work is separate from the reviews underway by the OPC and the Ministry of Health. 

WHAT TYPE OF INFORMATION WAS INVOLVED? 

The incident relates to documents stored in the ‘My Health Documents’ section. This includes: 

  • Documents users uploaded themselves, such as correspondence, reports, or results
  • Clinical documents from Northland hospital including outpatient clinics. Examples of clinical documents are hospital discharge summaries, clinic letters and operation reports.

This did not include GP clinical systems, live medical records, prescriptions, secure messaging, or appointment systems. 

If you have a Manage My Health account and were impacted, you can see what information of yours was impacted directly by logging into your Manage My Health account. Once logged in, your Dashboard will clearly show whether your account was impacted or not impacted. You can click “Check now” to open the Account Security Status page and view the details for your account. If you don’t see the Account Security Status, it means your account is still under review. 

If you do not have a Manage My Health account, or aren’t sure whether your healthcare practitioner previously registered one for you, and would like to confirm whether you were impacted, please email [email protected] 

We appreciate this information may be concerning and we are here to provide you with the support you need. If you’d like to speak to someone or find out more information about how you were impacted, please email the MMH support desk at  [email protected] 

ADDITIONAL INFORMATION 

If you have been impacted by this breach, there may additional support options available to you. Please contact Manage My Health directly at [email protected]  for  assistance. 

What steps can you take to protect your information?

  1. We recommend you remain vigilant against the risk of phishing emails and scams, which are often the most likely risk associated with any unauthorised access to personal information. 
  2. Scam calls and phishing emails are becoming increasingly sophisticated and may appear to come from legitimate email addresses or phone numbers, including those with local area codes. Scammers often claim to represent reputable organisations (such as government agencies, banks, or telecommunications providers) and create a sense of urgency to pressure you into disclosing sensitive information or making payments.
  3. Where a third party has accessed or disclosed your contact information, it is important to: 
    • Stay alert and don’t give out any personal information: Be aware of email, telephone and text-based scams. Do not share your personal information with anyone unless you are confident about who you are sharing it with.
    • Check the URL: When a webpage asks for your login credentials, take note of the web address or URL (‘Uniform Resource Locator’). The URL is located in the address bar of your web browser and typically starts with https://.

      If you are suspicious of the URL, do not provide your login details. Contact the entity through the usual channels to ensure you are logging into the correct web page. Manage My Health will never contact you to ask for your username or password.  

    • Set up multi-factor authentication: Enable multi-factor authentication for your online accounts where possible, including your email, banking, and social media accounts.
    • Install antivirus software: Ensure you have up-to-date anti-virus software installed on any device you use to access your online accounts.
    • Passwords: Change your online account passwords and have a different password for all your online accounts. If you emailed yourself passwords for other online accounts, change these as well.  Netsafe provides guidance around good password practice here:  https://netsafe.org.nz/online-safety-at-home/how-to-choose-a-good-password
    • More information and tips:  

Health information 

Some health-related information was included in the dataset affected by the incident. For context, cybercriminals usually target information that can be easily used for financial gain – such as credit card details or identity documents. We acknowledge the fact your information has been accessed and downloaded by a third party may be distressing. Please contact your GP, or regular clinician if you feel you need medical support.   

Support 

The Mental Health Foundation can provide support and advice on additional help. A number of support services can be found on the organisation’s website: www.mentalhealth.org.nz/helplines, including:   

  • Free call or text 1737 for support anytime from a trained counsellor.   
  • Lifeline – 0800 543 354 (0800 LIFELINE) or free text 4357 (HELP). 
  • Samaritans – 0800 726 666 
  • Suicide Crisis Helpline – 0508 828 865 (0508 TAUTOKO)  

Privacy Commissioner 

The Privacy Commissioner has been notified about this incident. If you have further concerns, you have the right to complain to the Privacy Commissioner.   

You may wish to visit the New Zealand Privacy Commissioner website for further information about your privacy rights and responding to cyber security incidents at https://www.privacy.org.nz/your-rights/your-privacy-rights/ 

FAQS

Visit our FAQs page for answers to common questions https://managemyhealth.co.nz/faqs-cyber-breach/#faqs.  

General Resources 

Please find additional general resources on identity and cyber security support here: 

News & Events

MMH
Business

MMH cyber breach update 13 January 2026

MMH cyber breach update, 13 January 2026  Further to our 12 January 2026 statement regarding the cybersecurity crime, Manage My Health (MMH) provides the following update.   Update on patients affected 

Learn More »
13 January 2026
Load More

Join the Manage My Health revolution

We’ve made it simple for people and their health providers to connect with each other anytime, anywhere.

Trusted by over 1.85 million Kiwis and used by most health centres, Manage My Health is a secure health portal that empowers people to take charge of their health and extends the capabilities of health practices to let them focus on what’s more important – patient care.
Sign up
Scroll to Top
Sign in
Menu

Support