January 27, 2026

ManageMyHealth Data Breach Exposes 120,000 Patients’ Records in New Zealand

A major cybersecurity breach of New Zealand’s largest private patient portal, ManageMyHealth, has exposed sensitive medical information belonging to over 120,000 patients.

ManageMyHealth Data Breach Exposes 120,000 Patients’ Records in New Zealand

A major cybersecurity breach of New Zealand’s largest private patient portal, ManageMyHealth, has exposed sensitive medical information belonging to over 120,000 patients, prompting urgent legal action, government reviews, and widespread concern across the healthcare sector.

The breach, disclosed in late December 2025, involved unauthorized access to a document storage module of the platform and the exfiltration of more than 400,000 medical documents, including referrals, discharge summaries, lab results, imaging reports, and correspondence uploaded by patients or clinicians.

Platform Background

ManageMyHealth is a privately operated online portal used by general practices nationwide. It allows patients to access health records, book appointments, request prescriptions, and communicate with healthcare providers. With approximately 1.8 million registered users as of 2025, it is New Zealand’s largest patient-facing health information system and operates independently of Health New Zealand (Te Whatu Ora).

The service is widely used across the country, including 45 practices in the Northland Region and 355 other “referral-originating” medical practices.

The company became aware of unauthorized access on 30 December 2025 after notification by a partner organization. Immediate actions included securing systems, preserving evidence, engaging cybersecurity specialists, and notifying authorities, including New Zealand Police, the Privacy Commissioner, and Health New Zealand.

A public holding statement acknowledging a cybersecurity incident was posted on 1 January 2026. Investigations remain ongoing, with further updates expected as facts are verified.

Scope of the Breach

The breach was limited to a document storage module and did not affect core patient databases or national clinical systems. ManageMyHealth stated that there is no evidence that usernames, passwords, or sensitive system functionality were compromised.

However, media reports indicate the stolen documents date back several years, including material from 2017 to 2019, and some relate to patients whose practices no longer use the platform.

A group identifying itself as “Kazu” claimed responsibility for the attack, demanding a US$60,000 ransom and threatening to publicly release the data. Samples of stolen documents were published online to substantiate the claim. ManageMyHealth declined to comment publicly on the ransom, citing ongoing police investigations and legal proceedings.

On 5 January 2026, ManageMyHealth obtained an urgent High Court injunction to prevent publication, dissemination, or use of the stolen data. The court ordered that anyone in possession of the stolen documents must delete them, citing the highly sensitive nature of the information.

Online posts associated with the attackers referencing the stolen data were subsequently removed.

Patient Impact

The breach has raised concerns over identity theft, extortion, blackmail, phishing, and impersonation scams. Patients and general practices reported confusion and difficulty accessing information, with many learning of the breach through news coverage rather than direct communication from the company.

Advocacy groups emphasized the particularly sensitive nature of the data, which may include records relating to sexual violence, family harm, and other highly personal information.

ManageMyHealth has begun notifying affected practices and patients via email, in line with the Privacy Act 2020. A dedicated helpline was established to provide guidance and support. The company aims to complete notifications by mid-January 2026.

Criticism of Company Response

The handling of the breach drew nationwide criticism. Concerns included delays and inconsistent communication, technical issues with portal access, and frustration among healthcare providers over incremental disclosure of affected patient information.

CEO Vino Ramayah faced scrutiny for comments suggesting the attackers gained access “through the front door” using valid credentials, which critics said downplayed the company’s responsibility. Ramayah did not disclose whether ransom negotiations were considered, citing police involvement.

Health New Zealand confirmed that its systems and national databases were unaffected. On 5 January 2026, Minister of Health Simeon Brown commissioned an urgent review of both ManageMyHealth and the broader response by Health New Zealand.

The Public Service Association highlighted the incident as an example of risks stemming from reduced investment in digital and IT capabilities in the health sector.

Cybersecurity experts and commentators have compared the breach to previous high-profile attacks, including the 2021 Waikato District Health Board ransomware incident, underscoring ongoing vulnerabilities in healthcare data protection.

Latest News

Cybersecurity

January 30, 2026

Record-Breaking 16 Billion Passwords Exposed in Massive Data Breach

A staggering 16 billion login credentials have been exposed in what experts are calling one of the largest data breaches in history, raising serious concerns about online security for both individuals and organizations.

Read now

January 30, 2026

Illinois Health Department Confirms Years-Long Data Exposure Affecting 700,000 Residents

The Illinois Department of Human Services (IDHS) recently disclosed that it mistakenly made private health-related information about hundreds of thousands of Illinois residents publicly accessible online

Read now

January 30, 2026

Oracle E-Business Hack Continues to Generate Ransom Demands

A rising number of companies using Oracle’s E-Business Suite are facing ransom demands following a cyberattack that may have begun as early as July 2025.

Read now

Fintech

January 30, 2026

Ethereum Emerges as a Long-Term Macro Bet Amid Quantum, AI, and Monetary Shifts

Ethereum is increasingly being framed not just as a blockchain platform, but as a long-duration macro asset that may be uniquely positioned to navigate emerging technological and economic pressures ranging from quantum computing to artificial intelligence.

Read now

January 30, 2026

Vitalik Buterin Reconsiders Blockchain Design Tradeoffs as Zero-Knowledge Proofs

Ethereum co-founder Vitalik Buterin says he no longer agrees with a position he publicly held in 2017, arguing that advances in zero-knowledge cryptography and a deeper appreciation for real-world failure modes have fundamentally changed how blockchains should balance decentralization, usability, and resilience.

Read now

January 30, 2026

Market Volatility Obscures Fundamentals as Crypto Investors Overlook Valuation Signals

A growing divide is emerging in crypto markets between price action and fundamentals, highlighting what some investors see as a broader erosion of valuation discipline across the asset class.

Read now

AI

February 4, 2026

What if AI Is Really Good and Not That Disruptive?

AI discourse has collapsed into two extremes. Either large language models will automate all knowledge work and upend civilization within a decade, or they’re glorified autocomplete and the whole thing is a bubble.

Read now

February 3, 2026

Google Brings “Personal Intelligence” to Search, Making AI Results Uniquely Yours

Google is pushing search further into the personal realm. On Wednesday, the company announced that Personal Intelligence, a feature that tailors AI responses using a user’s own context, is expanding to AI Mode in Google Search.

Read now

February 2, 2026

CopilotKit Shows How to Bring LangChain Deep Agents to Production UIs

CopilotKit has published a detailed guide demonstrating how to connect LangChain’s new Deep Agents framework to a real-time frontend using Next.js.

Read now

Technology

January 30, 2026

Apple AirTag Receives Significant Update After Five Years

Apple has unveiled a new iteration of its AirTag tracking device, dubbed 'the new AirTag,' featuring significant enhancements attributed to an upgraded Bluetooth chip.

Read now

January 30, 2026

AI-Driven Automation Transforms Global Infrastructure

A glass of water sits untouched on a desk for hours, a laptop glows in the dim light, and a software engineer types furiously. This is Ivan, a developer who has taken AI-assisted automation far beyond what most would imagine.

Read now

January 30, 2026

Microsoft Unveils Maia 200 AI Chip, Outpaces Amazon and Competes with Nvidia

Microsoft has introduced its latest in-house AI accelerator, the Azure Maia 200, designed to deliver high-speed inferencing for data center AI workloads.

Read now

Fintech

February 5, 2026

AI Budgets Are Wide Open

Product market fit means being in a good market with a product that can satisfy that market. Marc Andreessen’s advice still holds.

Read now

February 5, 2026

New York Attorney General Warns Consumers About Prediction Markets Ahead of Super Bowl

With Super Bowl 60 just days away, New York Attorney General Letitia James is urging consumers to be cautious when using prediction markets that offer Super Bowl related trades.

Read now

February 5, 2026

Elon Musk’s xAI dives into crypto and TradFi amid $1tn SpaceX merger

Elon Musk’s artificial intelligence venture xAI is making a decisive push into cryptocurrency and traditional finance as it ramps up hiring and prepares for a landmark merger with SpaceX reportedly valued at more than $1 trillion.

Read now
View More Articles & Security Tips
Personal

All EraseMe plans include a 30-day risk-free refund guarantee.

Not satisfied? Reach out to our 24/7 Support within 30 days of joining, and we’ll refund every cent no questions asked.

Try EraseMe
EraseMe is built and run by Yates Solutions
The Online Privacy Company.
Secure Identity
Secure Business
How We WorkBusinessAbout UsBlogSupport
LoginJoin Now
Privacy PolicyTerms of Service
© 2026 EraseMe. All Right reserved. 800 Creek View Rd. Newark, DE 19711