Manage My Health cyber breach

:
6 January 2026
:
Alert

Starting the year with care

The recent cyber incident at Manage My Health is a tough way to begin the year. It is a stark reminder that criminals are actively targeting organisations that serve our communities. Manage My Health is a victim here, not a perpetrator. Blame rests with the attackers, and our energy should go into practical support and resilience for medical practices and their patients.

Read Manage My Health’s official statement

A positive way forward for medical practices

Incidents like this are distressing, but they can also be a catalyst for lifting digital safety across the sector. The goal is practical resilience, so that a practice can prevent most attacks, detect and contain what gets through, and recover quickly with patients’ trust intact.

Here are steps medical practices can take this week:

  1. Strengthen sign‑ins. Turn on multi factor authentication for all staff wherever it is available, and enforce strong, unique passwords. Guidance for patients and staff is available from Own Your Online.
  2. Reduce exposure. Limit administrative privileges, remove unused accounts, and review who has access to patient documents and practice systems. Apply the principle of “only the access people really need”.
  3. Harden the essentials. Update operating systems and applications, enable automatic updates, and verify that anti‑malware protections and firewalls are working and centrally monitored.
  4. Prepare clear communications. Draft patient‑friendly messages and a simple question‑and‑answer sheet so your team can respond consistently if patients call or visit.
  5. Review Incident Response processes. How a medical practice responds to a cyber incident profoundly affects its reputation. Quick, clear communication and a well-rehearsed response plan help maintain patient trust and demonstrate professionalism. Acting transparently and with empathy reassures patients and minimises disruption, turning a challenging event into an opportunity to strengthen trust.
  6. Check supplier risk. Confirm how your portal, practice management, and other technology partners will notify you, how they protect your data, and how they will support your patients if something goes wrong. Keep their answers in your procurement records.
  7. Support your people. Provide short, regular training so staff can spot and report phishing and unusual behaviour. Encourage a culture of speaking up quickly.

How Outfox can help (without the jargon)

At Outfox, we work with small and medium organisations, medical practices included, to build practical cyber resilience. We know medical practitioners are already busy and stretched thin, so taking on cyber security can feel overwhelming. You’re the experts in medicine, and we’re experts in keeping practices safe online.

We work alongside you and, where needed, can liaise directly with your IT providers and other technology partners on your behalf. This ensures your practice is making informed decisions and implementing the best business practices for robust digital security across your people, processes and technology, allowing you to focus on what you do best, caring for your patients.

By teaming up, we help protect your practice without adding to your workload.

For the New Year, we can help your practice:

  • Assess your current posture with our Cyber Resilience Warrant of Fitness Health Check, giving you a plain, prioritised roadmap of what to fix first.
  • Design and rehearse your incident response, so you are not figuring things out in the middle of an event.
  • Work with your IT Providers to tidy up access and configurations across computers, user accounts, and cloud services, and help you set practical policies that people will actually follow.
  • Lift staff awareness with short, human‑friendly sessions that fit into busy clinic schedules. Our approach is simple: start where risk is highest, fix what matters most, and build habits that stick.

A final word

Manage My Health did not ask to be attacked; criminals chose to target a service that supports care for whānau across Aotearoa. We only care about providing  practical action supporting patients and strengthening the everyday protections inside our New Zealand medical practices

If you run a medical practice and want help to lift your digital safety and resilience this month, send me a message at info@outfox.co.nz and we’ll line up a short, no‑obligation chat.

About Outfox

Outfox is an award‑winning New Zealand cyber security company dedicated to protecting small and medium businesses from online threats. We focus on practical, plain‑language solutions that strengthen your digital safety without slowing you down. Our services include cyber resilience health checks, incident response planning, staff awareness training, and ongoing support tailored to your organisation. We believe security should be simple, cost-effective, and human‑friendly, so you can get on with what matters most.

Contact us