Four websites out of 600 scanned by New Zealand's National Cyber Security Centre (NCSC) following the breach of Wellington primary health organisation Tū Ora Compass Health's site in August have been found to have the same vulnerabilities, the Ministry of Health said.

The four sites belong to three district health boards and have since been patched, with a fifth site found to be a false positive, with the vulnerability having been previously secured.