One section of the Manage My Health patient portal, affecting thousands of private patient records, was hacked two days before New Years Eve.
After an investigation, the breach was found in one module, Health Documents, in the app. The company was notified about an unauthorised access attempt on the 30th December and clarified the factual details as the news emerged and an independent forensic assessment got underway over the New Year.
From an internal review by their forensic cyber security specialists, the conclusion was that the current system environment is “secure and operating as intended”, suggesting the breach did not fully penetrate all data in the whole app.
Clients’ data that has been exposed will spur legal action to ensure protection of all 1.8 million registered users. Manage My Health confirmed approximately 6-7% of users were affected by this incident. Forensic identification of the documents and individuals who own them will become clear in the coming days.
Action was taken immediately to close routes for unauthorised access, re-secure health documents and add secure authentication checks upon login.
Mind My Health app users are advised to change their password or enable two-factor authentication on their accounts for extra peace of mind, which are supported by Google or Microsoft Authenticators.
The data breach at Manage My Health highlights the critical vulnerabilities in healthcare identity ecosystems, a key focus for Identity Week Europe 2026. The Data Protection & Privacy session and the AI and Cybersecurity session at Identity Week Europe are focused on providing expert insight and guidance into identity protection and keeping a human in the loop. Experts like Dimitri van Zantvliet (Dutch Railways) will discuss building resilience and upskilling key staff to ensure proper oversight over new tech.
