• Home
  • cyber
  • ManageMyHealth and Canopy Health: Second NZ health provider, Canopy Health, reveals cyberattack
cyber Breach

ManageMyHealth and Canopy Health: Second NZ health provider, Canopy Health, reveals cyberattack

Jul 18, 2025 2 min read
ManageMyHealth and Canopy Health: Second NZ health provider, Canopy Health, reveals cyberattack

New Zealand Health Providers Hit by Cyberattacks as Legal and Notification Delays Raise Concerns

Two major New Zealand healthcare providers ManageMyHealth (MMH) and Canopy Health have disclosed cybersecurity breaches in recent weeks, highlighting vulnerabilities in the sector and sparking debates over legal protections and transparency.

Canopy Health, the country’s largest private medical oncology provider, revealed on 18 July 2025 that an unknown attacker had gained unauthorized access to an administrative server. The company, which operates 24 diagnostic clinics, eight oncology centers, two breast surgical facilities, and a drug compounding business, stated the incident was contained but acknowledged that some data may have been copied. A forensic review confirmed the breach, though details on the scope of exposed information remain limited. Canopy secured an urgent injunction from the New Zealand High Court to block the use or publication of any accessed data and reported the incident to NZ Police and the Office of the Privacy Commissioner.

Separately, ManageMyHealth faced a breach earlier this year, with the company only beginning to notify affected patients six months after the attack. The delayed disclosure has drawn criticism, particularly as the provider handles sensitive medical records. A court injunction was also granted in this case, restricting the dissemination of compromised data.

The incidents follow a broader trend of healthcare organizations becoming prime targets for cybercriminals, with ransomware groups like CrazyHunter recently compromising six healthcare providers in Taiwan. Legal actions, such as injunctions, have become a common response to prevent data leaks, though their impact on press freedom and public awareness remains contentious.

As investigations continue, the breaches underscore ongoing challenges in cybersecurity preparedness, regulatory oversight, and timely breach notifications within the healthcare sector.

Source: https://databreaches.net/2026/01/12/second-nz-health-provider-canopy-health-reveals-cyberattack/

Manage My Health cybersecurity rating report: https://www.rankiteo.com/company/managemyhealth

Canopy Cancer Care cybersecurity rating report: https://www.rankiteo.com/company/canopy-cancer-care

"id": "MANCAN1768238831",
"linkid": "managemyhealth, canopy-cancer-care",
"type": "Breach",
"date": "7/2025",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Healthcare',
                        'location': 'New Zealand',
                        'name': 'Canopy Health',
                        'size': 'Large (24 diagnostic clinics, 8 oncology '
                                'clinics, 2 private breast surgical centres, '
                                'and a drug compounding business)',
                        'type': 'Healthcare Provider'}],
 'customer_advisories': '50% of affected patients contacted (as of later '
                        'update)',
 'data_breach': {'data_exfiltration': 'Possible (data may have been copied)',
                 'sensitivity_of_data': 'Likely high (medical/patient data)'},
 'date_detected': '2025-07-18',
 'date_publicly_disclosed': '2025-07-18',
 'description': 'Canopy Health, the largest private medical oncology provider '
                'in New Zealand, identified that an unknown person temporarily '
                'obtained unauthorized access to a part of its systems used by '
                'its administration team. The incident was contained, and a '
                'forensic review revealed that some data may have been copied.',
 'impact': {'data_compromised': 'Yes',
            'systems_affected': 'Administration server'},
 'investigation_status': 'Ongoing',
 'references': [{'source': 'DataBreaches.net',
                 'url': 'https://databreaches.net/'}],
 'regulatory_compliance': {'legal_actions': 'Injunction granted by High Court '
                                            'to prevent use/publication of '
                                            'accessed information',
                           'regulatory_notifications': 'Office of the Privacy '
                                                       'Commissioner notified'},
 'response': {'communication_strategy': 'Public disclosure on website, '
                                        'injunction obtained to prevent '
                                        'publication of accessed information',
              'containment_measures': 'Incident contained',
              'law_enforcement_notified': 'Yes (NZ Police and Office of the '
                                          'Privacy Commissioner)',
              'third_party_assistance': 'Cybersecurity experts'},
 'threat_actor': 'Unknown',
 'title': 'Canopy Health Cyberattack',
 'type': 'Data Breach'}
Published by
Jeremy C
Jeremy C
You might also like
Great! Next, complete checkout for full access to Rankiteo Blog.
Welcome back! You've successfully signed in.
You've successfully subscribed to Rankiteo Blog.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info has been updated.
Your billing was not updated.