Expert Analysis: Fresh Security Vulnerabilities Discovered in ManageMyHealth Platform
By Lions Roar News Technology & Health Desk
AUCKLAND, NEW ZEALAND (January 9, 2026) — Concerns over the privacy of New Zealanders’ medical data have intensified today following an expert analysis that reveals “fresh issues” with the ManageMyHealth website and mobile app.
The analysis, conducted by internet security expert Adam Burns of the security firm Blackveil, suggests that the platform—used by hundreds of thousands of Kiwis to access their GP records—remains vulnerable even after recent public hacks.
🔍 The “Non-Intrusive” Discovery
Speaking to the NZ Herald, Burns explained that he performed a voluntary, non-intrusive security reconnaissance of the system out of professional interest. His findings indicate that the platform’s defenses may not be as robust as users have been led to believe.
- Methodology: Burns utilized standard security testing protocols that do not disrupt service or access private data but instead look for “open doors” or weak encryption.
- Timing: The analysis was triggered by the high-profile security breach that was made public earlier this month.
- Scope: The vulnerabilities were reportedly found in both the web portal and the mobile application interface.
🛡️ What This Means for Users
ManageMyHealth is a critical piece of New Zealand’s digital health infrastructure, allowing patients to view lab results, book appointments, and message their doctors. Any flaw in this system puts sensitive personal and medical history at risk.
“I voluntarily tested the website and app for my own interest after the hack was made public,” Burns told the Herald.
The disclosure of these fresh problems raises serious questions about the platform’s security update cycle and its ability to protect patient confidentiality against increasingly sophisticated cyber threats.
🏗️ Response from Authorities
The discovery of these new flaws comes at a sensitive time for the government and health officials. While Minister Simeon Brown has been addressing the media on broader infrastructure and legislative issues today, the pressure is mounting on health tech providers to provide transparency regarding their data protection measures.
- ManageMyHealth Response: The platform providers have yet to release a detailed technical rebuttal to Burns’ findings, though they have previously stated that they take security with the utmost seriousness.
- Privacy Commissioner: Experts anticipate the Office of the Privacy Commissioner will take a keen interest in these reports to determine if any breach of the Privacy Act has occurred.
