Key Takeaways
- The recent ransom hack on New Zealand’s largest health portal, ManageMyHealth, is one of the country’s biggest cybersecurity incidents.
- The hackers have threatened to release over 400,000 documents stolen from about 126,000 patients if the private company fails to pay $60,000.
- The National Cyber Security Centre (NCSC) advises not paying ransoms to hackers, as many who pay do not get their data back or their systems unlocked.
- The NCSC’s latest Cyber Threat Report identifies increasing commercialisation of cybercrime, with known weaknesses and unpatched vulnerabilities in New Zealand providing threat actors with easy access.
- The report highlights the importance of strong security and quick responses in combating ransomware attacks, and the need for frequent backups and multi-factor authentication.
Introduction to Cybersecurity Incidents
The attack on ManageMyHealth is one of several recent cybersecurity hacks that have affected New Zealand. The hackers have threatened to release more than 400,000 documents stolen from about 126,000 patients if the private company fails to pay $60,000 by a specified deadline. This breach has prompted a government review of what happened, looking into whether security protections were sufficient, and any improvements that should be made. ManageMyHealth is seeking an injunction on the patient information being used publicly and is working to notify those affected.
Comparison to Other Cybersecurity Incidents
One of the most notorious attacks affecting New Zealand specifically is the Waikato District Health Board (DHB) incident, which received significant media attention due to its clear effect on local hospitals. The attack paralysed services at five hospitals in May 2021, after hackers brought down the District Health Board’s 611 servers and leaked private data from more than 4000 patients and employees on the dark web. Another notable example is the Tonga Health System, which was taken down for nearly a month in June 2025 by hackers demanding $1 million. The ransom was not paid, and Tonga got help from Australia to restore their system.
Case Studies and Cyber Threat Reports
The NCSC’s latest Cyber Threat Report highlights the increasing commercialisation of cybercrime, with known weaknesses and unpatched vulnerabilities in New Zealand providing threat actors with easy access. The report also notes that more than 40 percent of incidents the NCSC dealt with in the 2024/25 year had links to criminal or financially motivated attacks, compared to about 25 percent with suspected links to state-sponsored actors. The report illustrates how strong security and quick responses can be effective in combating ransomware attacks, using the example of an organisation that was able to recover quickly from a ransomware attack due to frequent backups and swift action.
Notable Cybersecurity Incidents
Other notable cybersecurity incidents include the WannaCry attack in 2017, which locked down more than 300,000 computers in more than 150 countries, and the Qantas breach in 2025, which affected 5.7 million customers. The Nissan cyber attack in 2024 affected about 100,000 customers, while the Latitude Financial breach in 2023 affected more than 14 million documents. The Mercury IT attack in 2022 saw Health NZ and the Ministry of Justice lose access to health and coronial files, while the Squirrel attack in 2024 exposed about 600 peer-to-peer investors’ passport or drivers’ licence details.
Government Response and Advice
The National Cyber Security Centre advises not paying ransoms to hackers, as many who pay do not get their data back or their systems unlocked. The centre also highlights the importance of strong security and quick responses in combating ransomware attacks, and the need for frequent backups and multi-factor authentication. The government has also taken steps to respond to cybersecurity incidents, including the alleged hacking of the Parliamentary Service and Parliamentary Counsel Office by a group called APT40 in 2021. Senior Minister Judith Collins revealed that the NCSC worked with the impacted organisations to contain the activity and remove the actor shortly after they were able to access the network.
Conclusion
In conclusion, the recent ransom hack on ManageMyHealth is one of several cybersecurity incidents that have affected New Zealand in recent years. The NCSC’s latest Cyber Threat Report highlights the increasing commercialisation of cybercrime and the need for strong security and quick responses to combat ransomware attacks. The government has also taken steps to respond to cybersecurity incidents, including advising against paying ransoms to hackers and highlighting the importance of frequent backups and multi-factor authentication. As cybersecurity threats continue to evolve, it is essential for organisations and individuals to remain vigilant and take proactive steps to protect themselves from these threats.
