Source: Radio New Zealand
123RF
A leading private provider doing breast cancer diagnosis and treatment took six months to notify some patients or the public of a major cyber attack on its systems.
In an update on its website this week, Canopy Health – the largest private medical oncology provider in the country – said on 18 July 2025, it identified that an unknown person “temporarily obtained unauthorised access” to a part of its systems used by its administration team.
“Following a thorough forensic review by our cybersecurity experts, we have been advised that unauthorised access to one of our servers likely occurred, and some data may have been copied.”
The company, which runs 24 diagnostic clinics, eight oncology clinics, two private breast surgical centres and a drug compounding business, said the incident had been “contained” and the investigation was ongoing.
Have you been affected? Share you stories with us at: iwitness@rnz.co.nz
Under its Q&A section, Canopy noted the hacker “may have accessed a small number of bank account numbers, which had been provided to Canopy for payment or refund purposes”.
“We are directly notifying potentially affected individuals.
“It is unlikely the threat actor can take significant action with these details, as sensitive bank account information is highly protected.
However, if you are concerned, please contact your bank.”
One man – whose wife received a letter from Canopy Healthcare on 12 December to inform her of the “cyber event” – said it was the first they had heard of the breach.
Canopy Healthcare has been approached for comment.
Second health data incident
In late December, another provider, Manage My Health, confirmed it had identified a security incident involving “unauthorised access” to its platform.
It believed between 6 and 7 percent of the approximately 1.8 million registered users may have been affected.
On Friday, the company said more than half of all impacted patients had now received a notification email, and all patients who were not affected could also see that in their ManageMyHealth app.
More than 80,000 of the 125,000 patients affected by the ransomware attack are based in Northland – the only region where Health NZ itself uses Manage My Health to share information with patients, including hospital discharge summaries, outpatient clinic letters and referral notifications.
The operators of compromised patient data app ManageMyHealth say they have received “independent confirmation” from IT experts the flaws in its code have been fixed.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
