Manage My Health was the victim of a ransomware attack. (File photo) Photo: RNZ / Finn Blackwell
As Manage My Health deals with the fallout from a data breach involving hundreds of thousands of medical files, other platforms are using multi-factor authentication to boost security.
Some 125,000 patients were affected by the ransomware attack on Manage My Health, in which hundreds of thousands of medical files were stolen and the hackers demanded US$60,000 (NZD$105,000) to prevent their release.
By January 3, the company said the flaws in its code had been fixed.
Then on Monday, oncology provider Canopy Health confirmed it, too, had been breached - but its attack occurred in mid-2025.
MyIndici, another platform used by doctors to share information and test results with patients and allow them to book appointments, was planning to introduce multi-factor authentication to its app.
A note on its log-in page alerts users of plans to introduce multi-factor authentication.
"Important update: Upcoming login process changes. Multifactor Authentication (MFA) will soon be required for added security."
It's not clear when the notice was first published, or when plans to introduce MFA were instigated.
MyIndici has been approached for comment.
Angus Chambers from the General Practice Owners Association said there were a number of patient portals available for GPs to choose between, and practices tended to use whichever software was most compatible with their overall practice management system.
Dr Angus Chambers. (File photo) Photo: Supplied
GP network The Doctors, which consisted of more than 50 clinics around the country, ran its own portal built by a company called Webtools. According to the FAQ section of its website, the app supported two-factor authentication, including face and fingerprint recognition.
Further down the FAQs, in a note to "address some common questions about the recent Manage My Health cybersecurity incident", it clarified its systems were unrelated to Manage My Health.
"They are completely separate companies with different systems, technology, and operating models."
"Centrik is maintained by a local development team and is regularly updated. The platform undergoes routine testing by independent cybersecurity specialists.
"Your app supports two-factor authentication for added protection. Where available, you can also use face or fingerprint recognition to log in securely."
Callum McMenamin, a web standards consultant who worked on government website security, told Morning Report, two-factor authentication was essential for modern security.
"It's just too risky not to," he said - and it would need to be mandatory across all accounts for it to be effective.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
