IntraCare Cyber Incident

Update for patients

27 March 2026

Our team is working urgently and carefully to resolve the issues arising from the recent cyber incident, while continuing to prioritise safe, high-quality care for all patients.

We are making strong progress and are on track to resume medical procedures from Monday 30 March. Patients who are scheduled for treatment will be contacted directly by phone with further details.

Please be assured that the quality and safety of the medical care we provide remains unaffected by this incident.

We appreciate your patience and understanding and will continue to keep you informed.

If you have any concerns or would like further information, please contact us via this email address:
contact@intracare.co.nz

What has happened?

IntraCare responded to a cyber incident involving unauthorised access to its network on Friday, 20 March 2026. As soon as this was detected, we acted immediately to contain the issue.

Out of an abundance of caution, we made the decision to shut down our information technology (IT) systems and to defer patient procedures for the week beginning 23 March, while we investigated the situation and worked to bring our systems back online. We communicated directly with those patients and affected specialists to ensure appropriate rescheduling or relocation, and to maintain continuity of care.

We engaged independent cybersecurity experts CyberCX, one of Australasia’s leading specialist cybersecurity organisations, to undertake a forensic investigation of the incident and work alongside the IntraCare IT team, government agencies and the police. We also notified the Office of the Privacy Commissioner.

What data may have been affected?

IntraCare’s cyber response team has been working at pace to identify if patient data has been affected in the incident.

Due to the nature of the breach and the internal security controls in place to protect the data, this is a technically challenging process and investigation into whether any data has been accessed continues. If it is identified that patient or staff information has been accessed, we will contact those individuals directly.

Has the data been misused or leaked online?

As soon as we became aware of unauthorised access we, through our cyber experts, immediately commenced monitoring for the unauthorised use or distribution of any potentially affected data. We will continue this monitoring for the foreseeable future.

Who caused this incident?

Our cyber experts continue to investigate the cause of the incident.

Is there anything I should do?

It is a fact that cyber-related scams are ever-increasing and we recommend caution – not only due to this event – but also as cyber incidents more broadly continue to rise

The following sites provide useful information on how you can stay cyber safe:

  • National Cyber Security Centre: provides general online safety advice.; 
  • Office of the Privacy Commissioner: provides general advice on protection of personal information; 
  • New Zealand Police via their Fraud/Scam/Cyber page

Please take care when receiving emails or texts that seem unusual or ask for sensitive information or password resets. If you get a message you weren’t expecting, especially one asking for payment or personal details, it is best not to reply. Verify the request through a trusted source before responding. 

If something doesn’t look right, you can let the New Zealand Police know using their Fraud/Scam/Cyber page. 

What is being done to prevent this from happening again?

Cybercrime is evolving rapidly and we continue to invest heavily in cyber security measures to reduce the risk of future incidents. We are also working with third party experts, including across a range of government agencies and the health sector, to share key learnings from this incident and strengthen collective resilience.

What is being done to look after patients?

Trust is fundamental in healthcare. That’s why we’re being open about what happened, responding immediately and putting safeguards in place.

We plan to resume medical procedures on Monday 30 March and will contact scheduled patients directly by phone. Please be assured that the quality and safety of the medical care we provide remains unaffected by this incident.

Has this happened before?

We have not previously had a cyber incident.

 

IntraCare responded to a cyber incident on 20 March 2026. As soon as unauthorised access was detected, we acted immediately to contain the issue.

Out of an abundance of caution, we made the decision to shut down our IT systems and to defer patient procedures for the coming week while we concurrently investigated the situation and worked to bring our systems back online. We communicated directly with those patients and affected specialists to ensure appropriate rescheduling or relocation, and to maintain continuity of care.

Our response continues to be supported by an all-of-government group of experts and IT professionals. We are working closely with Health New Zealand, the National Cyber Security Centre, and New Zealand Police. We remain in regular contact with the Office of the Privacy Commissioner, which has been kept informed of all developments.

We engaged independent cybersecurity experts, CyberCX, one of Australasia’s leading specialist cybersecurity organisations to undertake a forensic investigation of the incident.

Our investigation remains ongoing as we work at pace to determine the full extent of the incident. At this stage, we are not in a position to confirm what information, if any, may or may not have been impacted.

We want to reassure you that patient care remains at the forefront, is clinically safe and that any interruption is minimised. This incident relates to the security of data, not the quality or delivery of medical treatment.

IntraCare has activated contingency plans to maintain essential services and minimise disruption.

Due to the complexity and nature of the incident, it will take some time to ascertain whether individual patient records may have been potentially affected.

We have been unable to contact all of our patients directly as our database containing their contact details has been shut down.

What this means for patients?

We want to reassure you that your care remains our highest priority. While our systems remain offline, you may notice:

  • Some delays in appointments or scheduling;
  • Slower administrative processes;
  • Temporary use of manual systems.

Our commitment to you

Maintaining your trust is central to how we are responding. In that regard, we are:

  • Carrying out a thorough investigation to understand exactly what has happened;
  • Rebuilding our IT platforms;
  • Taking all possible steps to prevent any misuse of information;
  • Communicating openly and transparently as more information becomes available.

We are committed to keeping our patients informed. At the same time, we are taking care to ensure that the information we share is accurate and does not cause unnecessary alarm.

We sincerely apologise that this incident has occurred and for any concern it may cause. Our focus remains on patient care and on resolving this situation as quickly and securely as possible.

We will continue to provide updates as more information becomes available.

We appreciate the support of our patients and their whānau as we work to resolve this issue.

If you have any concerns or would like further information, please contact us via this email address:
contact@intracare.co.nz

 

Update: Information regarding cyber incident (March 2026)