Manage My Health (MMH) has released a detailed update on the ongoing investigation following a cyberattack that was first reported on 30 December 2025. The ManageMyHealth hack has affected a portion of the organization’s user base, prompting urgent responses from MMH, Health New Zealand, and law enforcement agencies.
In its statement on 5 January 2026, MMH acknowledged the anxiety caused to both healthcare providers and patients. The company described the cyberattack on ManageMyHealth as a form of criminal activity targeting its systems and apologized for any distress caused. MMH confirmed it is coordinating closely with New Zealand Police, Health New Zealand, and other relevant authorities to respond to the incident.
“The immediate priority was to secure systems, protect patient data, and verify the accuracy of information before communicating with practices and patients,” MMH stated. The organization emphasized its commitment to transparency and pledged to provide daily updates whenever possible, though it acknowledged that legal and operational constraints can sometimes delay information release.
The Deeper Insight into the ManageMyHealth Hack
Independent forensic analysis has confirmed that the cyberattack on ManageMyHealth targeted only a specific module within the app, Health Documents, rather than the entire platform. Preliminary investigations indicate that approximately 6–7% of the 1.8 million registered users may have had documents accessed.
MMH clarified that there is currently no evidence of core patient database access, modification, destruction of records, or theft of user login credentials. However, the organization continues to work with cybersecurity specialists to verify which documents were affected and to ensure a full understanding of the breach.
“We have identified and closed the specific security gaps that allowed unauthorized access,” MMH said in its 3 January 2026 update. Additional safeguards, such as stricter login attempts and strengthened storage for health documents, have been implemented. Users are also encouraged to enable two-factor authentication via supported apps, including Google Authenticator and Microsoft Authenticator, to enhance account security.
Coordinated Response to Data Breach at MMH
In response to the MMH data breach, the organization has begun communications with general practices, providing secure, confidential lists of affected patients. Notifications to individuals are expected to commence shortly, coordinated with Health New Zealand, General Practice New Zealand (GPNZ), and the relevant Primary Health Organizations (PHOs).
MMH has also established measures to prevent further dissemination of sensitive information. Injunction orders have been obtained from the High Court to block third parties from distributing potentially compromised data, and an international monitoring team is actively tracking known leak sites for any illicit publications.
“The cyberattack constitutes criminal activity, and any unlawful use of patient data will be pursued through legal action,” the company stated, while refraining from commenting on potential ransom demands, which remain under investigation by the New Zealand Police.
Support for Patients and Healthcare Providers
To assist those affected, MMH plans to launch a dedicated 0800 helpline and online support desk. The company is working to ensure clear guidance for healthcare providers handling patient inquiries, aiming for consistent and accurate communication across the sector.
MMH’s CEO, Vino Ramayah, highlighted the importance of restoring public trust. “We appreciate the patience of patients, practices, and partners while this complex investigation continues. Our priority remains transparency, system security, and appropriate support for all affected parties,” he said.
Independent forensic specialists continue to investigate the breach, and MMH has confirmed full cooperation with the Ministry of Health review. The findings are expected to inform improvements not only for MMH but across the broader health sector, reinforcing cybersecurity standards and preparedness against future incidents.
While MMH has taken immediate steps to secure its systems and support affected users, the investigation into the data breach at MMH remains ongoing, with updates expected as forensic confirmation and legal processes progress. This is an ongoing story, and The Cyber Express is closely monitoring the situation. We’ll update this post once we have more information on the ManageMyHealth hack or any further information from the company.
