New Zealand Probes Major ManageMyHealth Data Breach, Hacker Claims Stealing Over 428,000 Files
Published
Key Takeaways
- Government Intervention: New Zealand's health minister has ordered an official review into a significant cyberattack targeting the ManageMyHealth platform.
- Patient Data at Risk: The breach potentially affects over 100,000 patients, with claims that stolen data includes passport scans, body images, and sensitive health details.
- Ransom Demand: A threat actor named "Kazu" has claimed responsibility, demanding a $60,000 ransom and threatening to release the entire data cache.
The New Zealand government is probing a significant ManageMyHealth data breach. Health Minister Simeon Brown has ordered a formal review of the cyberattack targeting a private health platform used by medical facilities nationwide to manage the records of approximately 1.8 million individuals.Â
The breach is estimated to have affected over 100,000 patients, prompting an immediate, resource-intensive government response to support the company and investigate the incident's full scope.
Details of the Cybersecurity Incident
The cyberattack was claimed by a threat actor using the alias "Kazu," who posted on a cybercrime forum about the breach on December 30, followed by samples published via Telegram, according to RNZ reports.
The actor allegedly accessed the medical documents section of the ManageMyHealth app and exfiltrated over 428,000 files, demanding a $60,000 ransom.Â
Reports from an independent IT consultant who reviewed initial data samples suggest the allegedly stolen information is highly sensitive, including:
- passport scans,Â
- clinical notes,Â
- lab results,
- nude patient images.Â
ManageMyHealth has not confirmed the specific types of data compromised, but said that approximately 7% of patients were affected. The company has sought a legal injunction to prevent the dissemination of any leaked data.
Implications for New Zealand Cybersecurity
This major healthcare data breach has put the New Zealand cybersecurity protocols under intense scrutiny. Minister Brown expressed deep concern over the exposure of highly personal health information. "The reality is that here is a big wakeup call in terms of the protection of private health data and their need for that to be held in the most secure form possible so that patients can have confidence in how it is being used," he said.Â
ManageMyHealth has engaged independent cybersecurity specialists and is collaborating with the Privacy Commissioner, New Zealand Police, and Health New Zealand.Â
Last month, NHS Tech Provider DXS International confirmed a data breach claimed by the DevMan Ransomware group.
Related
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular
Get expert insights on threats, breaches, scams, and security trends — delivered every Saturday.
Most Popular