Canopy Healthcare, one of New Zealand’s largest private oncology and diagnostic care providers, has confirmed a cybersecurity breach from July 2025, in which an unauthorised party accessed parts of its administrative systems. The disclosure, made months after the incident, has renewed concerns about data protection in the healthcare sector.
Glimpse:
The breach occurred on 18 July 2025, granting temporary unauthorised access to an administrative server. Canopy says clinical systems and patient-facing electronic health records were not affected, but some administrative information, possibly including bank details and staff identity data, may have been accessed. Notification of affected individuals is underway.
Canopy Healthcare, which operates multiple diagnostic clinics, oncology treatment centres and breast surgical facilities across New Zealand, has confirmed that it experienced a cybersecurity incident on 18 July 2025. According to the company’s update, an unauthorised person temporarily accessed part of its information systems used by the administrative team.
The organisation states that the breach was contained to specific administrative servers and did not impact clinical operations, electronic health record systems, appointments or patient care services. All diagnostic, oncology and related medical services continued to operate as usual during and after the incident.
Canopy said it immediately took steps to secure its systems, engaged cybersecurity specialists for a forensic investigation, and notified authorities including the New Zealand Police and the Office of the Privacy Commissioner. The company also obtained an urgent High Court injunction to prevent any use or publication of potentially accessed information.
Although the company has not confirmed the exact extent of the data accessed, it stated that a small number of bank account numbers and some staff identity information may have been compromised. It is unclear whether patient identity or detailed clinical records were involved. Affected individuals are being contacted directly with information and support.
The disclosure comes more than six months after the incident was identified, prompting criticism from patients and privacy advocates who said delayed notification undermines confidence in healthcare cybersecurity. Some commentators note this incident comes amid broader concerns about security vulnerabilities in New Zealand’s health IT landscape following other breaches in the sector.
Industry experts say the episode highlights the need for stronger, proactive cyber defence measures and faster transparency when breaches occur, especially in healthcare, where sensitive administrative and clinical data could be exploited for fraud or identity misuse.
“While clinical systems were not disrupted, this breach underscores the importance of rigorous cybersecurity and prompt communication, especially when sensitive administrative data may be accessed.”
By HB Team
