Manage My Health, a widely used online patient portal that allows people to access medical records and communicate with general practices, has begun notifying healthcare providers following a cybersecurity breach that exposed patient documents. The company said it is contacting affected practices so they can assist with patient communications and follow up where necessary.
The breach was identified in late December 2025 and involved unauthorised access to the platform’s document management feature, known as My Health Documents. Manage My Health said the incident did not compromise its core patient management system but allowed access to files uploaded by practices, including clinical correspondence such as referrals and discharge summaries. The service remains operational.
Manage My Health said approximately 125,000 users may have been affected out of around 1.8 million registered patients nationwide. The company said the vulnerability has been contained and that no further unauthorised activity has been detected since security measures were implemented.
The company has engaged external cybersecurity specialists to investigate the incident and assess the scope of the exposure. It has also notified the Office of the Privacy Commissioner and other relevant authorities in accordance with regulatory requirements. Additional monitoring and security controls have been introduced as part of the response.
Notifications to general practices are being issued directly by Manage My Health. Practices are expected to help inform patients whose documents may have been accessed. The company said it is also contacting affected patients directly via email and portal messages and plans to complete notifications during January.
Manage My Health has set up a dedicated support page and helpline for affected users. Patients have been advised to update passwords, review account activity, and remain alert to potential phishing attempts. Guidance has also been provided to practices on managing patient enquiries.
Health New Zealand, also known as Te Whatu Ora, said a significant number of affected users are linked to practices in the Northland region, where the platform is used to share clinical documents. The agency said it is working with providers to support patient communications and continuity of care.
The incident has renewed focus on cybersecurity risks within health technology systems. A High Court injunction has been issued to prevent further access to or distribution of any data obtained during the breach. Regulatory and technical investigations remain ongoing.
Site Disclaimer
2-remove-virus.com is not sponsored, owned, affiliated, or linked to malware developers or distributors that are referenced in this article. The article does not promote or endorse any type of malware. We aim at providing useful information that will help computer users to detect and eliminate the unwanted malicious programs from their computers. This can be done manually by following the instructions presented in the article or automatically by implementing the suggested anti-malware tools.
The article is only meant to be used for educational purposes. If you follow the instructions given in the article, you agree to be contracted by the disclaimer. We do not guarantee that the artcile will present you with a solution that removes the malign threats completely. Malware changes constantly, which is why, in some cases, it may be difficult to clean the computer fully by using only the manual removal instructions.