Why Governance, Access Control and Vendor Oversight Now Define Patient Safety
Paul Chua • February 24, 2026
The recent breach of New Zealand’s ManageMyHealth patient portal exposed sensitive information from roughly 120,000 people, making it one of the country’s most significant healthcare privacy incidents. For affected patients, the consequences are deeply personal and potentially lifelong. Unlike a stolen credit card, you can’t reset your medical history.
The incident highlights a broader shift in how healthcare data risk is emerging across the Asia-Pacific region. Breaches no longer stem mainly from isolated technical failures. Instead, they reflect organizational and governance gaps in how healthcare systems share threat intelligence, manage user access and oversee third-party platforms.
ManageMyHealth is not an anomaly. It shows how operational complexity and unclear accountability can turn routine digital operations into systemic exposure. For healthcare leaders, the lesson extends beyond preventing the next breach. They must build the capability to manage digital risk as a continuous, enterprisewide discipline.
Three structural issues stand out: fragmented threat intelligence and incident response, weak control over who has access to systems and data and growing dependence on third-party platforms that now carry first-order healthcare risk.
-
Access and Identity
-
Third-Party Risk
-
Healthcare Resilience
Read the article in InfoRisk Today. Click Here
