New Zealand: Office of Privacy Commissioner announced investigation into Manage My Health over alleged cybersecurity breach

On 21 January 2026, the Office of the Privacy Commissioner announced an investigation into Manage My Health over a cybersecurity breach in the digital health sector that handles sensitive patient information. The investigation seeks to examine the causes and scale of the breach, the adequacy of security safeguards, affected patient data, governance and contractual arrangements across the health system, and compliance with the Privacy Act and the Health Information Privacy Code 2020. It was stated that phase one focuses on the responsibilities of Manage My Health and portal users, and the security measures in place at the time of the incident, expected to conclude by 30 April 2026. The findings will inform any advisory or compliance response by the Commissioner, including potential investigations of complaints, and will determine the scope and timing of a second phase.