Following the New Zealand Medical Data Hack, the government on Monday ordered a review into a cyberattack on a private medical portal used nationwide after hackers accessed sensitive patient records, raising concerns about data protection and oversight.
Government Orders Probe Into Medical Data Breach
The New Zealand Health Ministry has launched a review into how hackers breached a privately owned website that stores medical records for about one-third of the country’s population. Creating the latest fallout from the New Zealand Medical Data Hack.
Health Minister Simeon Brown said the review will examine how unauthorized access occurred, assess the safeguards in place, and recommend steps to strengthen protections. The findings will guide future action by both government agencies and private health service providers.
“Patient data is incredibly personal, and whether it is held by a public agency or a private company, it must be protected to the highest of standards,” Brown said in a statement. “We must learn from this incident.”
The government did not provide a timeline for completing the review, but said it will focus on accountability and prevention. Officials emphasized that while the platform is privately owned, it plays a central role in the delivery of health services across the country.
Portal Used Nationwide for Records and Prescriptions
The website, Manage My Health, is widely used by health centers across New Zealand. It allows patients and medical providers to view medical records, access lab results, book appointments, and order prescriptions online.
The platform has about 1.8 million registered users, according to the company. That figure represents roughly a third of New Zealand’s population, making the breach one of the most significant health data incidents in the country in recent years.
Manage My Health said the cybersecurity incident occurred on Dec. 30. The company reported that documents linked to about six percent to seven percent of users may have been compromised.
In a statement, the Auckland-based company said the vulnerabilities that allowed unauthorized access have since been fixed. It did not detail the type of data involved but confirmed the breach included health documents.
The company said it is cooperating with authorities and reviewing its systems to prevent similar incidents. It did not say how many individual files were accessed or whether any data had been publicly released.
Ransom Demand Reported as Officials Seek Answers
New Zealand newspaper The Post reported that hackers demanded a ransom of $60,000 to prevent the release of the stolen documents. The government has not confirmed the demand, and officials declined to comment on whether any payment was made.
Brown said the review will consider whether current rules governing private digital health platforms are sufficient, given the scale and sensitivity of the data they hold.
New Zealand Medical Data Hack incidents involving health data have drawn increased scrutiny globally, as medical records can contain detailed personal and financial information. Experts say such data is often targeted because it can be difficult to change once exposed.
The Health Ministry said it is working with cybersecurity specialists to understand the scope of the breach and ensure affected patients receive appropriate guidance. It did not say whether patients whose data may have been accessed will be notified directly.
For now, officials urged patients to remain alert but said there was no indication that public health services had been disrupted. The government said protecting patient trust remains a top priority as digital tools become more embedded in health care delivery.
