Important Security Update: ManageMyHealth
12th January 2026
Dear Patients,
We are writing to provide a further update regarding the recent cyber security incident involving the Manage My Health (MMH) portal.
What is the current status?
MMH has been working closely with the NZ Police, the Ministry of Health and the NZ Privacy Commissioner in relation to this breach.
MMH has obtained injunction orders on an interim basis from the High Court preventing third parties from accessing any stolen data and to date, to the best of our knowledge, no breached information has been made public.
We have received reassurance from MMH that the specific vulnerability which allowed the breach was identified and closed as soon as it was found.
The incident involved unauthorised access to only the ‘Health Documents module’ within the MMH app (not the whole app of MMH which remains secure).
- MMH has identified which patients have been affected by the breach from our practice.
- This has involved a very small number of our patients.
- You may have been contacted directly by MMH, or you can check whether you have been affected by going to your own patient portal.
- For only those affected by the breach, MMH has provided an 0800 phone number for you to call. MMH can then provide you with further information.
- The MMH portal will also tell you if you have NOT been affected. If this is the case, you can be reassured that you or any of your documents have not been breached.
What does this mean for you?
- MMH has temporarily paused all access to the “Health Documents” section (specialist letters, blood test results) while they finalise their investigation.
- Using the portal can continue for activities such as:
- Requesting Repeat Prescriptions: You can continue to order your regular medications as usual for now.
- Booking Appointments: You can still use the portal to book and manage your visits for now.
- If you have any difficulty using the portal for scripts or bookings, please email us or call our reception team.
- MMH have confirmed that no logins/passwords were compromised. However, it is always a good idea to reset all passwords regularly and enable 2-factor authentication when available.
Our own internal practice systems and data, ie the Practice Management System that our practice uses to hold your confidential information, was NOT part of this breach and remains secure.
We are temporarily not uploading any new records to your app until we have more information.
The Team at Plimmer Steps Medical Centre
5th January 2026
Dear Patients,
We are writing to provide an update regarding the recent cyber security incident involving the ManageMyHealth (MMH) portal.
What is the current status?
- MMH has confirmed that a targeted hacking attack occurred on 30 December 2025.
- They have since identified and closed the security gap, and external experts have verified that the system is now secure.
- Forensic investigations suggest that approximately 7% of users nationwide may have had documents accessed.
What does this mean for you?
- MMH has temporarily paused all access to the “Health Documents” section (specialist letters, blood test results) while they finalise their investigation.
- If your data was involved, MMH will contact you directly via email or letter with specific guidance. We will also contact you as soon as we know who has been affected, but at this time we have not yet been informed which of our patients have been affected, if any.
- Using the portal can continue for activities such as:
- Requesting Repeat Prescriptions: You can continue to order your regular medications as usual for now.
- Booking Appointments: You can still use the app to book and manage your visits for now.If you have any difficulty using the app for scripts or bookings, please email us or call our reception team.
- MMH have confirmed that no logins/passwords were compromised. However, it is always a good idea to reset all passwords regularly and enable 2 factor authentication when available. Manage My Health users can enable Multi-Factor Authentication (MFA) using a supported authenticator app, providing an additional layer of account security.
Supported Authenticator Apps
• Google Authenticator
• Microsoft Authenticator
Here is the link with instructions to enable the two-factor authentication (you need to be logged in to access the link).
Our own internal practice systems and data were not affected by this incident and remain secure. We are temporarily not uploading any new records to your app until we have more information.
The Team at Plimmer Steps Medical Centre