Police are investigating after attempts were allegedly made to hack a nationwide patient database.
In an email obtained by the Otago Daily Times, Dunedin-based clinical adviser for the Southern Primary Health Organisation, Keith Abbott, warned GPs and health organisations about the "significant hacking attempt" on September 9.
He said the hacker tried to gain access to DrInfo, which is used by health boards, medical centres and GPs around the country, with collectively millions of patients.
"Starting at 11am on September 9, in one case continuously lasting for 12 hours, a single IP [internet protocol] address has made over 20 million attempts to guess the passwords of practices, PHOs and DHBs in New Zealand," Dr Abbott said.
"The good news out of this is that no [patient] information was actually hacked."
Dr Abbott said the attack was unusual, in that it was sustained, of significant size and appeared to be originating from within NZ.
"Nevertheless, we encourage you to ensure that your passwords are advanced and not simple to guess," Dr Abbott said in his warning letter to health professionals.
Sam Jacobs, the Auckland-based DrInfo co-founder and chief executive, said the company did not hold medical information, but was used as a prompt for patient health checks, or recall for overdue checks, such as for cancer screening, cardiovascular or immunisations.
Police had handed the investigation to their national cyber crime unit.