RNZ reports:
A leading private provider doing breast cancer diagnosis and treatment took six months to notify some patients or the public of a major cyber attack on its systems.
In an update on its website this week, Canopy Health – the largest private medical oncology provider in the country – said on 18 July 2025, it identified that an unknown person “temporarily obtained unauthorised access” to a part of its systems used by its administration team.
“Following a thorough forensic review by our cybersecurity experts, we have been advised that unauthorised access to one of our servers likely occurred, and some data may have been copied.”
The company, which runs 24 diagnostic clinics, eight oncology clinics, two private breast surgical centres and a drug compounding business, said the incident had been “contained” and the investigation was ongoing.
Read more at RNZ.
In its FAQ on the incident, Canopy notes, “We also applied for and obtained an urgent injunction from the High Court to prevent use or publication of any information that may have been accessed and notified the NZ Police and the Office of the Privacy Commissioner.”
So the high court gave MMH an injunction and Canopy an injunction? That’s three we have learned about this month: Manage My Health, Canopy Health, and Neighbourly. Should NZ courts be granting injunctions that may interfere with a free press so readily? Maybe the public would be better served if the government started auditing entities for their cybersecurity and fining entities with substandard security?