
Why Multi-Factor Authentication is Not Enough
Knowing is half the battle, and the use and abuse of common frameworks shed light on what defenders need to do to build defense in depth.
September 13, 2024 - Blog

What does the history of cyber breaches in New Zealand tell us, not only about common exploits, but also about what to expect from future attacks?
In the recent Manage My Health data breach, hackers calling themselves “Kazu” demanded a $60,000 ransom within 48 hours, threatening to release the personal data of 126,000 customers if payment was not made.
The majority of patients impacted by the Manage My Health cyber breach have now been notified, as the platform continues working through the remaining communications and support for those affected. Following the breach, a government review of national cybersecurity protections was initiated.
Manage My Health began notifying affected individuals and sought legal protection to prevent further public use of stolen patient data. In its latest update, the organization has stated that a “large proportion” of affected users have received notification emails, with the priority now focused on contacting the remaining patients and ensuring they receive appropriate support.
The company acknowledged in a recent statement that when the breach was first identified, it moved to alert anyone who may have been affected out of caution and transparency. As a result, some people were notified prematurely, but a forensic investigation has since confirmed certain individuals were not impacted and they have now been updated.
The breach involved a limited feature of the platform and affected documents stored in the My Health Documents section. This includes files uploaded by users, such as correspondence, reports or results, as well as some clinical documents, including hospital discharge summaries and clinical letters related to care received in Northland Te Tai Tokerau.
Manage My Health stressed the breach did not involve GP clinical systems, live medical records, prescriptions, secure messaging, or appointment systems.
Spokespeople have stated that Manage My Health acted immediately after detecting unusual activity, securing the platform, activating its incident response plan and engaging independent cyber security specialists. The affected feature has now been secured and the incident contained.
An interim High Court injunction has also been obtained to prevent any third party from accessing, sharing, or publishing impacted data. The company said it is actively monitoring known data leak websites and is prepared to issue takedown notices if information appears online.
Health New Zealand, the Office of the Privacy Commissioner, the National Cyber Security Centre and New Zealand Police have been notified, and Manage My Health says it is continuing to work closely with regulators as the investigation progresses.
According to the National Cyber Security Centre’s latest Cyber Threat Report:
Ransomware has become “ransomware-as-a-service”
Attackers can now rent tools, infrastructure, and even negotiation services
AI is accelerating attack sophistication and speed
Over 40% of incidents in 2024/25 were financially motivated
Around 25% were suspected to involve state-sponsored actors
Many organizations that pay ransoms never fully regain access to their systems. Others are extorted repeatedly.
The threat isn’t slowing down. It’s scaling.
The Manage My Health breach is serious, but it is not unique. History shows us that no industry is immune.
Some of New Zealand's most prominent cyberattacks have included:
The Waikato DHB ransomware attack shut down five hospitals for weeks. Over 4,000 patient and staff records were later leaked online. Recovery took months.
According to Waikato DHB’s chief executive, Kevin Snee, the malicious software allegedly entered the network by a phishing operation through an email attachment, blocking access to the systems and encrypting the data.
The board had allegedly already been warned, in an internal cybersecurity report drafted before the attack, that the DHB’s IT security was susceptible to a major cyberattack because some of its computers were running outdated and unsupported operating systems (Windows 7) and security measures, and were thus exposed to virus and malware threats.
A one-million-dollar ransom demand left the country’s healthcare system offline for nearly a month in the wake of the Tonga Health System breach. Patients were asked to bring handwritten records to appointments while systems were restored.
The system was hacked, the health information system, and they asked for payment of a million dollars to have the system back. The Ministry of Health refused to make any payments. In the meantime, they called on Australia for help, and Australia sent experts to help them out.
In early 2017, a group of hackers, collectively known as “Shadow Brokers”, released an exploit named EternalBlue developed by the National Security Agency (NSA), which is now being used in one of the most prolific cyber-attacks the world has ever seen.
The appropriately named ransomware attack, “WannaCry,” utilized EternalBlue to effectively cripple computer systems and users across the globe, demanding sums of cash from its victims in exchange for the recovery of their data.
Over 300,000 computers in 150 countries were affected. Victims who paid the ransom often did not regain access.
On October 11th, 2025, threat actors released the personal data of 5.7 million Qantas customers on the Dark Web. This information includes dates of birth, phone numbers, addresses, emails, and frequent flyer numbers.
The hacker collective Scattered Lapsus$ Hunters released an extortion note on a data leaks site on the dark web last week, demanding payment in return for preventing the stolen data from being shared.
The Qantas data, which was stolen from a Salesforce database in a major cyberattack in June, included customers’ email addresses, phone numbers, birth dates and frequent flyer numbers. It did not contain credit card details, financial information, or passport details.
In 2024, Nissan suffered multiple significant data breaches, most notably a March incident where the Akira ransomware group accessed systems in Australia and New Zealand, impacting over 100,000 individuals.
Additionally, in May 2024, Nissan North America disclosed a breach exposing personal information of over 53,000 employees.
The consumer lender, which offers personal loans and credit to customers shopping at stores including JB Hi-Fi, The Good Guys and Harvey Norman, said in a statement that some of the documents date back to at least 2005.
The details stolen include 7.9 million Australian and New Zealand driver’s licence numbers and 53,000 passport numbers, Latitude said.
A further 6.1 million customer records were also stolen, of which 5.7 million were provided before 2013. These records include information such as names, addresses, phone numbers and dates of birth, the company said.
Repeated attacks halted trading for nearly a week.
NZX Ltd, which operates the exchange, restored connectivity ahead of the next trading day. But the attacks resumed once the market opened, forcing more trading suspensions over the next few days.
When the exchange finally moved its servers out of the reach of the digital bombardment – to cloud-based servers – the attackers began targeting the exchange’s individually listed companies. In the end, trading at NZX was stopped for four days, with “only intermittent periods of availability,” according to a government review.
“You wouldn’t wish this on your worst enemy,” NZX Chief Executive Officer Mark Peterson told a local newspaper.
NZX was hit with the cyber equivalent of a mugging, a crude and dated style of hack that John Graham-Cumming, the chief technology officer at the cyber-security firm Cloudflare, described as “the simplest, dumbest attack you can do.” Known as a distributed denial of service, or DDoS for short, such attacks inundate a computer network or server with so much traffic that it can become overwhelmed and stop functioning.
DDoS attacks have been around for decades even though the cybersecurity industry has largely figured out how to withstand them. Nevertheless, they have endured and grown because they are relatively easy to pull off compared to actual hacks of computer networks, and the explosive growth of internet-connected devices has given hackers an edge in launching attacks.
Alleged state-sponsored hackers targeted critical government systems.
The Real Question: How Prepared Are You?
Cybercriminals don’t just look for weaknesses in software. They look for weaknesses in preparation.
They exploit:
Unpatched systems
Misconfigured cloud environments
Weak access controls
Poor segmentation
Inadequate monitoring
Slow incident response
And now, with AI-enhanced automation and global ransomware networks, they can scale attacks faster than ever before.
The difference between disruption and disaster often comes down to one thing:
Preparation before the breach happens.
When organisations delay proactive security testing, they risk:
Operational shutdowns
Public data exposure
Regulatory scrutiny
Long-term reputational damage
Loss of customer trust
Financial impact far exceeding ransom demands
The $60,000 demand in the Manage My Health case may sound significant, but history shows recovery, legal, operational, and reputational costs can climb into the millions.
The Manage My Health breach will be studied, reviewed, and investigated.
But the organisations reading about it today have a choice:
Wait and hope. Or test and prepare.