Manage My Health was the victim of a ransomware attack. (File photo) Photo: RNZ / Finn Blackwell
As Manage My Health deals with the fallout from a data breach involving hundreds of thousands of medical files, other platforms are using multi-factor authentication to boost security.
Some 125,000 patients were affected by the ransomware attack on Manage My Health, in which hundreds of thousands of medical files were stolen and the hackers demanded US$60,000 (NZD$105,000) to prevent their release.
By January 3, the company said the flaws in its code had been fixed.
Then on Monday, oncology provider Canopy Health confirmed it, too, had been breached - but its attack occurred in mid-2025.
MyIndici is another platform used by doctors to share information and test results with patients and allow them to book appointments.
A spokesperson from Valentia Technologies, the developer of the practice management solution Indici, and the associated patient portal MyIndici, said security and privacy had always been a top priority.
GPs using MyIndici did not use ManageMyHealth as a patient portal, they said.
MFA had been available for some time, they said. "There is no connection between its introduction and the recent ManageMyHealth data breach."
"In the first half of 2025, a message was displayed on the myindici apps and portal advising users that MFA was available, and encouraging them to activate it."
MFA was made compulsory in October 2025.
Angus Chambers from the General Practice Owners Association said there were a number of patient portals available for GPs to choose between, and practices tended to use whichever software was most compatible with their overall practice management system.
Dr Angus Chambers. (File photo) Photo: Supplied
GP network The Doctors, which consisted of more than 50 clinics around the country, ran its own portal built by a company called Webtools. According to the FAQ section of its website, the app supported two-factor authentication, including face and fingerprint recognition.
Further down the FAQs, in a note to "address some common questions about the recent Manage My Health cybersecurity incident", it clarified its systems were unrelated to Manage My Health.
"They are completely separate companies with different systems, technology, and operating models."
"Centrik is maintained by a local development team and is regularly updated. The platform undergoes routine testing by independent cybersecurity specialists.
"Your app supports two-factor authentication for added protection. Where available, you can also use face or fingerprint recognition to log in securely."
Callum McMenamin, a web standards consultant who worked on government website security, told Morning Report, two-factor authentication was essential for modern security.
"It's just too risky not to," he said - and it would need to be mandatory across all accounts for it to be effective.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
