Photo: Pixabay/shafin_protic
A ransom hack on New Zealand's largest health portal is being billed as one of the country's biggest cybersecurity incidents, but how does it compare?
The hackers have threatened to release more than 400,000 documents stolen from about 126,000 Manage My Health patients if the private company failed to pay $60,000 by 5am Tuesday.
The breach has prompted a government review of what happened, looking into whether security protections were sufficient, and any improvements that should be made.
Manage My Health is seeking an injunction on the patient information being used publicly, and working to notify those affected.
The company is also working with Health NZ, the Ministry, the Privacy Commissioner and General Practice to minimise ongoing risk.
The National Cyber Security Centre (NCSC)'s latest Cyber Threat Report in December identified increasing commercialisation of cybercrime, with known weaknesses and unpatched vulnerabilities in New Zealand "providing threat actors with easy access".
More than 40 percent of incidents NCSC dealt with in the 2024/25 year had links criminal or financially motivations, compared to about 25 percent with suspected links to state-sponsored actors. About 34 percent could not be linked to either.
The number of criminal or financially motivated attacks more than doubled compared to the previous year, and financial losses rose from more than $21.6m to $26.9m.
The agency, which provides cybersecurity services to all New Zealanders, advises not paying ransoms to hackers.
"Unfortunately, many of those who pay do not get their data back or their systems unlocked, and sometimes they are extorted further with the threat of releasing sensitive data."
Th
Continue Reading on RNZ
This preview shows approximately 15% of the article. Read the full story on the publisher's website to support quality journalism.