MMH cyber breach update, 13 January 2026
Further to our 12 January 2026 statement regarding the cybersecurity crime, Manage My Health (MMH) provides the following update.
Update on patients affected
MMH and forensic cybersecurity experts have been continuing an investigation into the incident, and new information confirms that a group of patients who were previously notified as potentially affected were not affected by this incident.
We are contacting these patients directly to apologise for the concern this notification may have caused and to confirm that their information was not accessed. These patients will now see a green box at the top of their web application when logged in, saying ‘No Impact’ – this confirms that they have not been affected in this cyber incident.
When we first identified the breach, our priority was to contain the breach, act with transparency and to notify potentially affected patients as quickly as possible. Based on initial findings, the incident was limited to 6-7% of our 1.8 million registered users of the ‘My Health Documents’ module on the Manage My Health app. As the investigation progressed, we have now confirmed that specialist referral documents were not accessed.
Patient notification
More than half of affected patients have now received a notification email, and this process is ongoing with notifications rolling out to affected patients that can be notified.
It will take some time to complete the remainder of the list given the complexities of coordinating communications to separate cohorts of patients with relevant authorities and data controllers. This must be done securely in compliance with privacy laws.
For any further information, please refer to our frequently asked questions here: FAQs – Cyber Breach | Manage My Health
Our regular updates can be found here: www.managemyhealth.co.nz
As always, if any patients or practices have any concerns or questions, please contact us directly via [email protected]
