Patients at a dental practice in Wellington may have had their privacy breached after its email server was hit by hackers.
Symes de Silva has contacted people who may have to tell them about the cyber security incident, but so far it has found no evidence any data was taken.
On its website, Symes de Silva said its email server was hacked in April and malware was installed.
That malicious software has since been removed and a forensic analysis of the server has found no signs any information has been obtained or misused.
The practice said the email server contained some personal information, which was potentially exposed for a period of time.
Personal details, including names, dates of birth, phone numbers and addresses, were held on the server, as well as some health information, such as dental photos and scans, referrals, information about procedures and insurance claims.
A Symes de Silva spokesperson said as soon as they discovered the problem, the server was taken offline.
It has also carried out further IT checks to ensure its systems are secure.
The Privacy Commissioner has been notified.