Data Breaches and the Importance of Zero Trust and Privileged Access Controls
When Issues Aren't Confined to a Single Technical Failure But Are Due to Acess That Persisted Longer and Reached Further

Healthcare data is deeply sensitive, and it has to be available when and where care is delivered, which makes securing it especially challenging. That combination also makes it a highly attractive target for cybercriminals. When patient information is exposed, the impact is not confined to a system or a platform—it affects people’s privacy and their trust in the healthcare services they rely on.
The recent significant data breach at ManageMyHealth is undeniable proof of this deeply sensitive nature. In this breach, threat actors caused the privacy exposure of 400,000 documents, including clinical notes, lab results, and personal photos, and impacted over 126,000 New Zealanders. This likely isn’t an isolated incident, and there are possibly many more—including a few that have gone unreported.
Zero Trust and Access Controls Are Nonnegotiables
As reliance on digital health platforms scales, access expands across users, systems, and partners—often faster than controls are revisited. Over time, that creates pathways that are broader or less visible than intended. In many major breaches, the issue is not a single technical failure, but access that persisted longer, reached further, or was harder to see than it should have been.
This is where Zero Trust and privileged access controls make a tangible impact. In complex healthcare environments, elevated access is unavoidable, but it has to be intentional and visible. When access is spread across disconnected systems, it becomes difficult to see who has access to what, or to spot when something changes. Managing privileged access through a modern, unified platform gives organisations clearer visibility, more consistent control, and a better chance of containing incidents before they escalate.
The Need for Reassessment and Enhancement
Investigations help explain what happened, but they do not prevent the next incident on their own. What matters is whether organisations use incidents as an opportunity to reassess how access is managed in practice and whether protections evolve alongside the systems they are meant to support. At the same time, individuals should recognise that no system is immune and take advantage of dark web monitoring tools, such as BreachWatch, that alert them when their personal information appears in known breaches.
Trust in digital healthcare is fragile. Preserving it requires ongoing attention and clarity about who can access sensitive data and why (zero trust and access management). Security only works when it is treated as something that must be actively maintained, not assumed.



