ManageMyHealth, a prominent patient portal service in New Zealand, has confirmed a significant data breach impacting up to 126,000 of its users. The incident has led to the exposure of sensitive personal and medical information, raising concerns among affected individuals across the country.

Details of the ManageMyHealth Data Breach

The breach involved unauthorized access to parts of the ManageMyHealth system. While the specific method of attack was not detailed, the outcome was the compromise of a substantial amount of user data. ManageMyHealth provides an online platform for New Zealanders to manage their health information, book appointments, and communicate with their general practitioners, making the integrity of its data paramount.

The exposed information includes a range of personal identifiers and health-related details:

• Names
• Residential addresses
• Dates of birth
• Contact details, including email addresses and phone numbers
• National Health Index (NHI) numbers
• General practitioner details
• Information related to medical events

It has been confirmed that financial details, such as credit card information, were not stored on the affected systems and therefore were not compromised in this incident.

Company Response and User Notification

Upon discovery of the unauthorized access, ManageMyHealth initiated an investigation and took immediate steps to secure its systems. The company has been working with cybersecurity experts to understand the full scope and impact of the breach and to reinforce its security infrastructure.

ManageMyHealth has begun the process of notifying all potentially affected users directly. These notifications provide details about the breach and advise individuals on steps they can take to protect themselves from potential risks associated with the exposed data. The company has also engaged with relevant regulatory authorities in New Zealand, including the Office of the Privacy Commissioner.

Recommendations for Affected Individuals

Individuals who have used the ManageMyHealth platform are advised to remain vigilant following this incident. While the company has taken action, the exposure of personal data, including NHI numbers and medical event information, carries inherent risks. Users should:

• Be wary of suspicious emails, text messages, or phone calls that claim to be from ManageMyHealth or other health providers. These could be phishing attempts designed to illicit further personal information.
• Monitor their personal accounts and financial statements for any unusual activity.
• Consider changing passwords for their ManageMyHealth account and any other online accounts where they may have used similar credentials.
• Exercise caution when sharing any personal or health-related information online or over the phone.

The ManageMyHealth breach underscores the ongoing challenges in maintaining robust cybersecurity for sensitive health information and highlights the importance of data protection in digital healthcare services.