A major cyber-attack on New Zealand’s largest private health portal has renewed concerns about how prepared organisations are to protect sensitive data in an era of rising digital crime. ManageMyHealth is facing a ransom demand after hackers threatened to release more than 400000 documents linked to around 126000 patients unless $60000 was paid by 5am Tuesday. The incident has triggered a government review into whether security protections were adequate and what improvements may be required. The company is seeking an injunction to stop patient data being shared publicly and is working with Health NZ the Ministry the Privacy Commissioner and general practices to reduce further risk.
The National Cyber Security Centre’s latest threat report highlights a sharp rise in criminal and financially motivated attacks. More than 40% of incidents handled in 2024/25 had criminal or financial links compared with about 25% tied to suspected state actors while 34% could not be attributed. Such attacks more than doubled from the previous year although reported financial losses fell from $26.9m to $21.6m. The agency continues to warn against paying ransoms stating “Unfortunately many of those who pay do not get their data back or their systems unlocked and sometimes they are extorted further with the threat of releasing sensitive data.” The report also notes AI has made attacks faster and easier warning that “The scale and speed of AI driven attacks could overwhelm traditional security teams especially if basic cyber hygiene is lacking.”
Health sector incidents remain among the most disruptive. In May 2021 the Waikato District Health Board attack shut down 611 servers across 5 hospitals and later exposed data from more than 4000 patients and staff. Services were disrupted for months. Tonga’s health system was also hit in 2025 with systems down for nearly a month after a $1m ransom demand which was not paid. The report also cites a lesser known case where recent backups allowed rapid recovery after ransomware encrypted systems and stole data though the lack of multi factor authentication had enabled access.
Beyond healthcare New Zealanders have been affected by global and local breaches. These include the 2017 WannaCry attack the 2020 NZX disruption the 2023 Latitude Financial breach exposing millions of records and supply chain attacks such as Mercury IT in 2022 and Squirrel in 2024. Airline and automotive customers were also impacted through the Qantas and Nissan incidents. Authorities have also accused a China linked group of targeting parliamentary systems while China has denied the claims. Together these cases underline how cyber threats continue to evolve and why strong basic security remains critical.
Also read: Viksit Workforce for a Viksit Bharat
Do Follow: The Mainstream formerly known as CIO News LinkedIn Account | The Mainstream formerly known as CIO News Facebook | The Mainstream formerly known as CIO News Youtube | The Mainstream formerly known as CIO News Twitter
About us:
The Mainstream is a premier platform delivering the latest updates and informed perspectives across the technology business and cyber landscape. Built on research-driven, thought leadership and original intellectual property, The Mainstream also curates summits & conferences that convene decision makers to explore how technology reshapes industries and leadership. With a growing presence in India and globally across the Middle East, Africa, ASEAN, the USA, the UK and Australia, The Mainstream carries a vision to bring the latest happenings and insights to 8.2 billion people and to place technology at the centre of conversation for leaders navigating the future.
