Govt Launches Rapid Inquiry Into ManageMyHealth Cybersecurity Breach

Health Minister Simeon Brown has directed the Ministry of Health to launch a rapid, high-level review of the cyber security breach affecting ManageMyHealth, a widely used digital patient-engagement platform relied on by general practices across New Zealand.

ManageMyHealth, operated privately, is a long-standing patient portal that stores clinical information and supports secure communication between patients and their health providers. The recent breach has triggered significant concern among patients, clinicians, and health-tech specialists about the resilience of third-party platforms handling critical health data.

“New Zealanders must have absolute confidence that their medical information is protected to the highest possible standard—regardless of whether that data sits in a public system or a private platform,” Minister Brown said.

The Government is accelerating oversight of digital-health operators, with Minister Brown confirming that the Ministry of Health will lead a full review into ManageMyHealth’s security posture and Health New Zealand’s incident response.

“We must learn from this event and strengthen the digital frontlines of our health system. This review will ensure we identify the root cause of the breach, assess the robustness of the protections in place, and outline the technological improvements needed to avoid repeat incidents,” he said.

Scope of the Review

The Ministry-led assessment will:

• Identify the technical and procedural causes of the breach.

• Evaluate the adequacy of existing data-security safeguards and incident-response actions.

• Recommend advanced protective measures to elevate cybersecurity standards in New Zealand’s digital health ecosystem.

Minister Brown has instructed that the review begin no later than 30 January, while cautioning that immediate operational response remains the priority. An inter-agency Incident Management Team continues to meet daily to coordinate national advice, technical support, and public-facing updates.

The Ministry will work closely with the Government Chief Digital Officer and the National Cyber Security Centre (NCSC) to develop the Terms of Reference and structure the review timeline.

Health New Zealand has confirmed that its internal systems remain unaffected. It is now partnering with the primary care sector—via General Practice New Zealand (GPNZ)—to determine the extent of patient-level impacts and to provide clear guidance to affected practices. Clinics remain fully operational.

A Call to Early Adopters in Health Tech

The Government’s move signals a strong message to the health-tech sector: New Zealand is elevating the bar for cyber resilience in medical platforms.

Tech innovators, cybersecurity firms, and digital-health solution providers are encouraged to engage early with the upcoming review process and contribute their expertise. The Ministry is expected to seek external technical input as it develops future-focused standards for privacy-by-design architectures, resilient cloud infrastructure, and next-generation patient-data protection frameworks.

As New Zealand accelerates its shift toward digital-first healthcare, early adopters and sector leaders have a unique opportunity to help shape—and strengthen—the cybersecurity foundations of the country’s emerging health-technology landscape.