Canopy Healthcare’s Cyber Response
Information and Update
October 2025
In July 2025 we identified a cybersecurity incident affecting some of Canopy Healthcare’s information technology systems.
The purpose of this notification is to provide an update on our response to, and the ongoing investigation into, this incident.
Following a thorough forensic review by our cybersecurity experts, we have been advised that unauthorised access to one of our servers likely occurred, and some data may have been copied.
We want to reassure our community of the following:
- Clinical operations remain unaffected. All Canopy clinics and patient services continue to operate as normal and patient appointments remain unaffected. Our systems are stable and functioning securely.
- The incident has been contained. We acted immediately to safeguard and protect information and our systems.
- The investigation is ongoing. We are actively assessing the nature and scope of the data that may have been accessed or copied. This includes identifying any potentially impacted information and individuals.
- No impact to other providers. At this time, we are not aware of any effects on the systems of other healthcare providers or services.
What steps has Canopy Healthcare taken?
As a result of the cybersecurity incident, Canopy Healthcare:
- Took immediate steps to contain the incident and secure our information systems. This included obtaining an order from the Court that prevents the publication of any information that may have been accessed through the cybersecurity incident, and we continue to implement additional security measures to protect our data and infrastructure.
- Engaged independent cyber experts to conduct a comprehensive forensic investigation.
- Notified relevant authorities, including the Office of the Privacy Commissioner, the National Cyber Security Centre and the New Zealand Police.
- Continues to work closely with government agencies and experts to understand and manage the impact of the incident.
We understand this situation may be concerning, and for that, we sincerely apologise. Safeguarding data and information remains a top priority for Canopy Healthcare.
Further Useful Information:
-
IDCARE: IDCARE is an independent not-for-profit cyber support community service who can assist you if you are concerned about the potential misuse of your personal information. Please complete the Get Help form at www.idcare.org
-
National Cyber Security Centre has issued helpful guidelines about keeping yourself safe online. You can access their website here: https://www.ownyouronline.govt.nz/
-
Office of the Privacy Commissioner: Office of the Privacy Commissioner | Protect your personal information
If you have any questions or require any assistance, please contact [email protected].
This website will be updated as more information becomes available.