CCC A.I CyberSecurity Scoring
CCC
Company Information
Website:https://www.canopycancercare.co.nz/
Employees number:46
Number of followers:801
NAICS:62
Industry Type:Hospitals and Health Care
Homepage:canopycancercare.co.nz
CCC Risk Score (AI oriented)
Between 550 and 599
CCCHospitals and Health Care
Updated:
26/03/2026
26/03/2026
551/1000
Very Poor
Ca
CCC Global Score (TPRM)
xxxx
CCCHospitals and Health Care
Score locked

CCCVery Poor
Current Score
551Ca (VERY POOR)
01000
3 incidents
-117.5 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
565
JUNE 2026
563
MAY 2026
559
APRIL 2026
556
MARCH 2026
549
FEBRUARY 2026
547
JANUARY 2026
626
Breach
13 Jan 2026 • CCC
Canopy Health: New health data breach increases scrutiny on private health IT
Two Major Health Data Breaches in New Zealand’s Healthcare Sector
542
CRITICAL-84
CAN1768527698
Two Major Health Data Breaches Shake New Zealand’s Cybersecurity Landscape
New Zealand’s healthcare sector is grappling with the fallout from two significant cyber incidents, raising concerns over data security and delayed disclosures. The breaches one at Canopy Health and the other at Manage My Health (MMH) have exposed vulnerabilities in patient data protection and sparked public frustration over notification delays.
### Canopy Health Breach: Delayed Disclosure Fuels Outrage
Canopy Health, New Zealand’s largest private oncology provider, confirmed on January 8 that it had suffered a cyber intrusion in July 2023. The company stated that unauthorized access was detected in part of its administrative systems, with some patient data potentially copied. While the breach was contained following a forensic review, the six-month delay in notifying affected individuals has drawn sharp criticism. Patients reported learning of the incident only after the Manage My Health breach dominated headlines in late December, with one individual calling the delay "an outrageous amount of time to keep the breach secret."
### Manage My Health Breach: Larger in Scale, Financially Motivated
The MMH breach, disclosed on December 31, 2023, is far more extensive, affecting approximately 127,000 patients and exposing around 430,000 documents from the portal’s "health documents" section. About 70% of impacted patients are in Northland, where Health NZ uses MMH for direct patient communication.
The hacker, operating under the alias Kazu, claimed the attack was financially motivated, demanding a US$60,000 (NZ$103,500) ransom with a deadline that expired on January 5. MMH has not confirmed whether it engaged with the hacker or paid the ransom but has secured High Court injunctions to limit the spread of stolen data.
### Security Failures and Industry Reactions
Security experts have pointed to basic lapses in MMH’s defenses, particularly the absence of mandatory multi-factor authentication (MFA), which could have prevented the breach. While MFA is widely recommended, some argue it may pose accessibility challenges for elderly or disabled patients. However, a post-breach analysis by security consultant Adam Burns identified multiple baseline security gaps, warning that the incident could inspire copycat attacks and further target New Zealand’s healthcare sector.
### Background on Manage My Health
MMH, launched in 2008 as a patient portal by Medtech (a dominant GP practice management system), has grown into the most widely used health portal in New Zealand. Despite its private ownership, experts note that enforcement of security standards not ownership determines risk levels. The breach comes at a sensitive time for New Zealand’s digital-first government initiatives, including the recent launch of the govt.nz app and plans for digital driver licenses, raising questions about public trust in digital services.
The incidents underscore ongoing challenges in balancing security, accessibility, and regulatory oversight in New Zealand’s healthcare data infrastructure.
INCIDENT DETAILS -
TYPE
MOTIVATION
IMPACT
DATA BREACH
REFERENCES
DECEMBER 2025
625
NOVEMBER 2025
622
OCTOBER 2025
619
SEPTEMBER 2025
617
AUGUST 2025
614
JULY 2025
761
Breach
18 Jul 2025 • CCC
ManageMyHealth and Canopy Health: Second NZ health provider, Canopy Health, reveals cyberattack
Canopy Health Cyberattack
610
CRITICAL-151
MANCAN1768238831
New Zealand Health Providers Hit by Cyberattacks as Legal and Notification Delays Raise Concerns
Two major New Zealand healthcare providers ManageMyHealth (MMH) and Canopy Health have disclosed cybersecurity breaches in recent weeks, highlighting vulnerabilities in the sector and sparking debates over legal protections and transparency.
Canopy Health, the country’s largest private medical oncology provider, revealed on 18 July 2025 that an unknown attacker had gained unauthorized access to an administrative server. The company, which operates 24 diagnostic clinics, eight oncology centers, two breast surgical facilities, and a drug compounding business, stated the incident was contained but acknowledged that some data may have been copied. A forensic review confirmed the breach, though details on the scope of exposed information remain limited. Canopy secured an urgent injunction from the New Zealand High Court to block the use or publication of any accessed data and reported the incident to NZ Police and the Office of the Privacy Commissioner.
Separately, ManageMyHealth faced a breach earlier this year, with the company only beginning to notify affected patients six months after the attack. The delayed disclosure has drawn criticism, particularly as the provider handles sensitive medical records. A court injunction was also granted in this case, restricting the dissemination of compromised data.
The incidents follow a broader trend of healthcare organizations becoming prime targets for cybercriminals, with ransomware groups like CrazyHunter recently compromising six healthcare providers in Taiwan. Legal actions, such as injunctions, have become a common response to prevent data leaks, though their impact on press freedom and public awareness remains contentious.
As investigations continue, the breaches underscore ongoing challenges in cybersecurity preparedness, regulatory oversight, and timely breach notifications within the healthcare sector.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Breach
18 Jul 2025 • CCC
Canopy Healthcare: Patients notified months after Canopy Healthcare cyber incident
Canopy Healthcare Data Breach
610
CRITICAL-151
CAN1768223930
Canopy Healthcare Discloses Delayed Data Breach Impacting Patients and Staff
On 12 January 2026, Canopy Healthcare, a major private oncology provider in New Zealand, revealed a cyber incident that compromised patient and staff data six months after the breach occurred. The unauthorized access took place on 18 July 2025, with attackers copying a limited set of administrative data, potentially including patient records, passport details, and bank account numbers.
The company stated that the full scope of affected individuals and stolen data remains unclear, and no evidence has surfaced of the information being leaked or published online. Patient notifications began in December 2025, drawing criticism for the delayed disclosure. One impacted individual expressed frustration over learning of the breach months after the fact.
Canopy Healthcare reported the incident to New Zealand police and the Privacy Commissioner at the time, secured a High Court injunction to prevent data misuse, and confirmed that its medical services remained unaffected. The investigation into the breach is ongoing.
INCIDENT DETAILS -
TYPE
IMPACT
DATA BREACH
REFERENCES
Frequently Asked Questions
?
What is the current A.I Rankiteo Cyber Score for CCC ??
What was CCC's A.I Rankiteo Cyber Score in June 2026 ??
What was CCC's A.I Rankiteo Cyber Score in May 2026 ??
What was CCC's A.I Rankiteo Cyber Score in April 2026 ??
What was CCC's A.I Rankiteo Cyber Score in March 2026 ??
What was CCC's A.I Rankiteo Cyber Score in February 2026 ??
What was CCC's A.I Rankiteo Cyber Score in January 2026 ??
What was CCC's A.I Rankiteo Cyber Score in December 2025 ??
What was CCC's A.I Rankiteo Cyber Score in November 2025 ??
What was CCC's A.I Rankiteo Cyber Score in October 2025 ??
What was CCC's A.I Rankiteo Cyber Score in September 2025 ??
What was CCC's A.I Rankiteo Cyber Score in August 2025 ??
What is the average per-incident point impact on CCC's A.I Rankiteo Cyber Score over the past 12 months ??
Where can I access detailed records of all cyber incidents associated with CCC ??
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ??
Where can I view CCC's profile page on Rankiteo ??
How accurate is the A.I Rankiteo Risk Scoring methodology ?