New Zealand orders review into ManageMyHealth cyberattack
(2026/01/05)
- Reference: 1767613953
- News link: https://www.theregister.co.uk/2026/01/05/nz_managemyhealth_breach_review/
- Source link:
New Zealand health minister Simeon Brown has ordered a review into the cyberattack at ManageMyHealth, which threatens the data of hundreds of thousands of Kiwis.
Brown told reporters on Monday that he asked the government to begin reviewing the incident, including its cause, scope, the company's defenses, and the wider impacts to data access across the country.
ManageMyHealth is a private company that offers a platform used by medical facilities across New Zealand to access patient health records. According to its website, it handles the data for around 1.85 million locals, and the breach affected an estimated 6-7 percent of them.
[1]
"This breach of ManageMyHealth data is incredibly concerning, particularly to the over 100,000 patients and their families who have had their very most personal data, which is their health data, breached through this incident," Brown said.
[2]
[3]
"It's an incredible concern to the government and to Health New Zealand, and the government is throwing a significant amount of resource at addressing this and supporting ManageMyHealth as they respond to this incident."
Brown emphasized this information represents deeply intimate patient details. He added that regardless of whether the data is maintained by public or private organizations, it requires the highest level of security and privacy safeguards, and the nation must significantly improve its handling of such sensitive information.
[4]
A fact sheet posted to ManageMyHealth's website states the company believes the incident is contained, and digital forensics experts are now combing the evidence to establish the full extent of the attack.
"Our immediate priority is safeguarding the integrity and security of our systems," [5]said ManageMyHealth. "We are working with independent cybersecurity specialists, the Privacy Commissioner, the New Zealand Police, and Health New Zealand to coordinate our response. We have implemented additional monitoring and security improvements."
A miscreant going by the name Kazu claimed responsibility for the attack via a cybercrime forum post on December 30. They said the stolen data included more than 428,000 files, which would be opened up for sale if ManageMyHealth did not pay the $60,000 ransom demand by January 15.
[6]
However, on Telegram, Kazu said on January 3 that all the data would be released within 48 hours if the company did not pay.
New Zealand's official stance on [7]paying ransoms mirrors that of its Western geopolitical allies: do not do it.
Kazu released snippets of the data via [8]Telegram , although the links were flagged as abuse material on the file-sharing site and are no longer usable.
IT consultant Cody Cooper, who told [9]RNZ he investigated the data involved before the links were taken down, said it includes passport scans, details of patients' conditions, nude images, and more.
[10]Cybersecurity pros admit to moonlighting as ransomware scum
[11]Death, torture, and amputation: How cybercrime shook the world in 2025
[12]Around 1,000 systems compromised in ransomware attack on Romanian water agency
[13]Russian hackers debut simple ransomware service, but store keys in plain text
ManageMyHealth refused to "speculate" on what kinds of data were included, saying that efforts are still underway to determine what was downloaded and/or accessed.
It stated: "'Accessed' means an unauthorised party may have viewed or opened files. 'Downloaded' means files were copied out of the environment. Independent forensics are being used to confirm what was accessed and what may have been downloaded.
"We will not speculate about what was accessed or by whom. Our priority is to confirm what happened, protect data, and provide affected people with information that is correct."
Brown [14]told media that ManageMyHealth applied for an injunction on Monday to prevent the dissemination of any data that the cybercriminal releases.
The company advised users to regularly change their passwords and use authentication apps for multi-factor protection.
It also said it would never ask for [15]passwords or [16]one-time codes over the phone, and users should be wary of potential scams targeting them.
"We are still investigating what information may have been accessed," the company said. "In general, personal information can sometimes be misused for identity theft or scams.
"If we confirm that your information was affected, we will notify you directly. As a precaution, we recommend following online safety best practices." ®
Get our [17]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://managemyhealth.co.nz/faqs-cyber-breach/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/06/30/information_security_in_brief/
[8] https://www.theregister.com/2025/05/28/telegram_takes_300m_xai_cash/
[9] https://www.rnz.co.nz/news/top/583170/managemyhealth-breach-patients-at-risk-of-identity-theft-extortion-experts
[10] https://www.theregister.com/2025/12/31/alphv_ransomware_affiliates_plead_guilty/
[11] https://www.theregister.com/2025/12/28/death_torture_and_amputation_how/
[12] https://www.theregister.com/2025/12/22/around_1000_systems_compromised_in/
[13] https://www.theregister.com/2025/12/11/cybervolk_ransomware_is_back/
[14] https://www.youtube.com/watch?v=spOZtPLuZHA
[15] https://www.theregister.com/2025/11/06/most_common_passwords/
[16] https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/
[17] https://whitepapers.theregister.com/
Brown told reporters on Monday that he asked the government to begin reviewing the incident, including its cause, scope, the company's defenses, and the wider impacts to data access across the country.
ManageMyHealth is a private company that offers a platform used by medical facilities across New Zealand to access patient health records. According to its website, it handles the data for around 1.85 million locals, and the breach affected an estimated 6-7 percent of them.
[1]
"This breach of ManageMyHealth data is incredibly concerning, particularly to the over 100,000 patients and their families who have had their very most personal data, which is their health data, breached through this incident," Brown said.
[2]
[3]
"It's an incredible concern to the government and to Health New Zealand, and the government is throwing a significant amount of resource at addressing this and supporting ManageMyHealth as they respond to this incident."
Brown emphasized this information represents deeply intimate patient details. He added that regardless of whether the data is maintained by public or private organizations, it requires the highest level of security and privacy safeguards, and the nation must significantly improve its handling of such sensitive information.
[4]
A fact sheet posted to ManageMyHealth's website states the company believes the incident is contained, and digital forensics experts are now combing the evidence to establish the full extent of the attack.
"Our immediate priority is safeguarding the integrity and security of our systems," [5]said ManageMyHealth. "We are working with independent cybersecurity specialists, the Privacy Commissioner, the New Zealand Police, and Health New Zealand to coordinate our response. We have implemented additional monitoring and security improvements."
A miscreant going by the name Kazu claimed responsibility for the attack via a cybercrime forum post on December 30. They said the stolen data included more than 428,000 files, which would be opened up for sale if ManageMyHealth did not pay the $60,000 ransom demand by January 15.
[6]
However, on Telegram, Kazu said on January 3 that all the data would be released within 48 hours if the company did not pay.
New Zealand's official stance on [7]paying ransoms mirrors that of its Western geopolitical allies: do not do it.
Kazu released snippets of the data via [8]Telegram , although the links were flagged as abuse material on the file-sharing site and are no longer usable.
IT consultant Cody Cooper, who told [9]RNZ he investigated the data involved before the links were taken down, said it includes passport scans, details of patients' conditions, nude images, and more.
[10]Cybersecurity pros admit to moonlighting as ransomware scum
[11]Death, torture, and amputation: How cybercrime shook the world in 2025
[12]Around 1,000 systems compromised in ransomware attack on Romanian water agency
[13]Russian hackers debut simple ransomware service, but store keys in plain text
ManageMyHealth refused to "speculate" on what kinds of data were included, saying that efforts are still underway to determine what was downloaded and/or accessed.
It stated: "'Accessed' means an unauthorised party may have viewed or opened files. 'Downloaded' means files were copied out of the environment. Independent forensics are being used to confirm what was accessed and what may have been downloaded.
"We will not speculate about what was accessed or by whom. Our priority is to confirm what happened, protect data, and provide affected people with information that is correct."
Brown [14]told media that ManageMyHealth applied for an injunction on Monday to prevent the dissemination of any data that the cybercriminal releases.
The company advised users to regularly change their passwords and use authentication apps for multi-factor protection.
It also said it would never ask for [15]passwords or [16]one-time codes over the phone, and users should be wary of potential scams targeting them.
"We are still investigating what information may have been accessed," the company said. "In general, personal information can sometimes be misused for identity theft or scams.
"If we confirm that your information was affected, we will notify you directly. As a precaution, we recommend following online safety best practices." ®
Get our [17]Tech Resources
[1] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[5] https://managemyhealth.co.nz/faqs-cyber-breach/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/cybercrime&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33aVvuLRdzBnmiQlgA9oK9FQAAAcw&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2025/06/30/information_security_in_brief/
[8] https://www.theregister.com/2025/05/28/telegram_takes_300m_xai_cash/
[9] https://www.rnz.co.nz/news/top/583170/managemyhealth-breach-patients-at-risk-of-identity-theft-extortion-experts
[10] https://www.theregister.com/2025/12/31/alphv_ransomware_affiliates_plead_guilty/
[11] https://www.theregister.com/2025/12/28/death_torture_and_amputation_how/
[12] https://www.theregister.com/2025/12/22/around_1000_systems_compromised_in/
[13] https://www.theregister.com/2025/12/11/cybervolk_ransomware_is_back/
[14] https://www.youtube.com/watch?v=spOZtPLuZHA
[15] https://www.theregister.com/2025/11/06/most_common_passwords/
[16] https://www.theregister.com/2025/12/06/multifactor_authentication_passkeys/
[17] https://whitepapers.theregister.com/
Re: we recommend following online safety best practices
Anonymous Coward
I seee the sense in the precaution, but it's not certain Oz national health records are managed in the same way.
Re: we recommend following online safety best practices
Bebu sa Ware
" I for one make sure to opt out of Australia's national health records database as I could see something like this happening a mlle off. "
Opted out at its launch years ago. Prior to the launch there were dire warnings from experts that the data security was woefully inadequate.
Whether the situation ever improved I don't know but apart from an impressive talley of vaccinations there wouldn't be much of mine that would interest anyone even if I were to have a record.
(The vaccination register is separate entity, I think. Pretty secure-even I couldn't get a copy of my record during covid. ;)
"the company believes the incident is contained"
Pascal Monett
Oh, so the company that couldn't detect the breach and protect its own data now believes that the incident is "contained".
How reassuring.
Newsflash : health companies have been targeted for over a decade now. It might be time for you guys to put some money into actually securing your client patient's confidential data.
Just a suggestion.
we recommend following online safety best practices
"......we recommend following online safety best practices."
What a cheek!
How's about YOU follow best practices and don't leak our personal information.
It's comments like these that gaslight and distract the public from this continued incompetence by the companies holding our private data.
The only way to ensure your data is "Secure" is DO NOT collect it in the first place.
I for one make sure to opt out of Australia's national health records database as I could see something like this happening a mlle off.