It has come to light that another service provider to the healthcare sector, Canopy Healthcare, has been hit by data breach. However, those affected have only just been informed of the attack that occurred six months ago. Patient records, passport information and bank account details have been affected. Canopy describes itself as “the largest private medical oncology provider in New Zealand”. Its stable includes Auckland Breast Centre, Canopy Imaging, Canopy Cancer Care, Absolute Radiology and Imix. In a post to its website, dated “January 2026″, the company said a “small” amount of data was copied. “There continues to be some uncertainty as to the precise data and individuals that may have been affected,” Canopy said. “On July 18, 2025, Canopy Healthcare identified that an unknown person temporarily obtained unauthorised access to a part of our systems used by our administration team. “In instances where some patient or staff information may have been accessed, we are contacting those individuals directly.” It added: “The unauthorised party may have accessed a small number of bank account numbers, which had been provided to Canopy for payment or refund purposes. We are directly notifying potentially affected individuals.” The message also said: “There have been some instances of staff identity information potentially being affected, and we have notified those staff to provide support.” Canopy advised those whose passport information had been compromised could add an “alert” to their record via the Ministry of Internal Affairs. “No credit cards were affected,” it clarified. Canopy said its operations and services continued as normal. “Despite rigorous investigation, we have not been able to confirm who was responsible,” it said. “To date, Canopy has not been contacted by the unauthorised party.” Canopy said it notified the Privacy Commissioner and police at the time of the attack. It has been approached for comment. Canopy’s public statement follows the December 30 revelation that some 127,000 patients had their medical files accessed in a ransomware breach of the ManageMyHealth portal for GPs. Security experts said they found flaws in ManageMyHealth’s technical setups, while questions have also been raised about governance and government oversight of private providers. Health Minister Simeon Brown has asked the Ministry of Health to conduct a review of the ManageMyHealth breach. Brown and the Office of the Privacy Commissioner have been asked for comment on the Canopy breach. Chris Keall is an Auckland-based member of the Herald’s business team. He joined the Herald in 2018 and is the technology editor and a senior business writer.