top of page
Search

Your Learning from the MMH Data Breach

  • sophiebailey22
  • Jan 23
  • 2 min read

Updated: Feb 2


On 30 December 2025, Manage My Health (MMH), a widely used platform for storing and accessing GP health records across NZ, experienced a data breach affecting around 126,000 people. MMH integrates with multiple medical services and allows patients to view information such as test results, scans, and clinical records online. It was well reported in the media and is likely to bring MMH to its knees.

 

There is a lot that all of us can learn from this attack.

 

Really, A Phishing Attack?

The breach is believed to have resulted from a phishing attack, where an employee clicked on a malicious email link, allowing unauthorised access to parts of the system. If this is the case, this is a pretty low-level entry into that system. Ember Technology has been simulating phishing attacks for our clients for about seven years. We send staff a fake phishing email and check who 1) clicks on the link and 2) submits their login and password. You'd be surprised who we catch! We follow those up with some training so that they don't get caught out again.

 

Communicate & Communicate Some More

From the outside, it seemed that MMH lacked a pre-written communications plan. Should your organisation fall victim to a cyber attack, your comms will likely grow or destroy trust with all your stakeholders. Well-oiled communication can demonstrate how effective a business you are.

 

Disaster Recovery Plans

MMH used expert investigators, which seemed like a good move. It raises the question, how many businesses have an up-to-date disaster recovery plan that has been tested in a simulated attack? Thankfully, most of Ember Technology's clients have this in place.

 

What Can You Do Now?

Now is a great time to check your cybersecurity position. We're happy to discuss our globally-recognised security frameworks, prevention steps and monitoring systems to ensure your business isn't put through the wringer.

 

Health Organisations Take Note

Attacks on medical and health-sector organisations are seemingly on the rise. Ember Technology provides cybersecurity services to a large number of health organisations, and we are very familiar with Health NZ's Health Information Security Framework.


 
 
 

Comments

bottom of page