Manage My Health Data Breach 31 December 2025
Tangata Whenua made this Official Information request to Ministry of Health
This request has an unknown status. We're waiting for Tangata Whenua to read recent responses and update the status.
From: Tangata Whenua
Dear Ministry of Health,
31 December 2025, the patient health information portal ManageMyHealth disclosed a cyber security breach involving unauthorised access. I would like to request the following information:
(1) What are the names of the people who run the ManageMyHealth platform?
[I have contacted the ManageMyHealth website to seek clarity but the "WHO WE ARE" section does not disclose who they are. https://managemyhealth.co.nz/about-us/]
(2) Who is the person that is liable for ManageMyHealth? Please provide the Name and contact details for the person ultimately responsible for any data breach involving unauthorised access. [The website provides contact details but fails to provide a contact NAME: Level 1, 48 Market Place, Viaduct Harbour.Auckland 1010 [email address]]
(3) Does the Ministry of Health or the Minister Responsible for the Department of Health have any penalties, or a civil penalty rating for cyber security breaches involving unauthorised access. If the answer is no, then why not and when will the ministry be implementing a civil penalty rating?
Yours faithfully,
Tangata Whenua
From: OIA Requests
Kia ora,
The Ministry of Health closedown period is between 23 December 2025 to 7
January 2026. During this time this inbox will not be monitored. We will
respond to your email upon our return.
Have a safe and happy holiday period.
OIA Services Team
Ministry of Health | Manatū Hauora
show quoted sections
From: OIA Requests
Kia ora Tangata Whenua,
Thank you for your request under the Official Information Act 1982 (the
Act), received by the Ministry of Health on 6 January 2026. You requested:
"(1) What are the names of the people who run the ManageMyHealth platform?
[I have contacted the ManageMyHealth website to seek clarity but the "WHO
WE ARE" section does not disclose who they are.
(2) Who is the person that is liable for ManageMyHealth? Please provide
the Name and contact details for the person ultimately responsible for any
data breach involving unauthorised access. [The website provides contact
details but fails to provide a contact NAME: Level 1, 48 Market Place,
Viaduct Harbour.Auckland 1010 [email address]]
(3) Does the Ministry of Health or the Minister Responsible for the
Department of Health have any penalties, or a civil penalty rating for
cyber security breaches involving unauthorised access. If the answer is
no, then why not and when will the ministry be implementing a civil
penalty rating?"
The reference number for your request is H2026077306. As required under
the Act, the Ministry will endeavour to respond to your request no later
than 20 working days after the day your request was
received: [1]http://www.ombudsman.parliament.nz/.
Please be advised that due dates for requests received on 27 November 2025
onwards will take into account the summer holiday period (25 December 2025
to 15 January 2026). Please refer to this guide for an explanation of
the [2]statutory obligations under the Official Information Act 1982.
If you have any queries related to this request, please do not hesitate to
get in touch ([3][email address]).
Ngā mihi,
OIA Services Team
Ministry of Health | Manatū Hauora
M[4]inistry of Health information releases
show quoted sections
Things to do with this request
- Add an annotation (to help the requester or others)
- Download a zip file of all correspondence (note: this contains the same information already available above).
Offensive? Unsuitable?
Requests for personal information and vexatious requests are not considered valid requests for Official Information (read more).
If you believe this request is not suitable, you can report it for attention by the site administrators
Report this request