Hackers have demanded a ransom of about KSh 7.7 million after gaining access to sensitive health data belonging to thousands of people in New Zealand.
The cybercriminals claim they accessed health records of more than 100,000 users from the Manage My Health platform, a privately owned system used by patients to store medical and personal information. The company said the breach affected about six to seven percent of its 1.8 million users nationwide.
The data breach was discovered on December 30 after the company was alerted by one of its partners. New Zealand authorities have not yet identified the people behind the attack. However, a Telegram user known as “Kazu” has claimed responsibility, saying they accessed more than 428,000 files and shared samples online as proof.
The hackers initially demanded a ransom of 60,000 US dollars to stop the data from being released or sold. Media reports say the group later extended the payment deadline to Friday morning, saying they wanted to build a “good reputation” despite admitting the attack was financially motivated.
The hackers said they were not politically driven and described the cyberattack as a business operation. In a later online post, they also made unrelated political comments.
Manage My Health confirmed that personal details such as names, phone numbers, addresses, and medical documents may have been accessed. However, the company said appointment and prescription records were not affected.
The firm said it has identified all affected users and has already started notifying them. It did not confirm whether it would pay the ransom.
New Zealand Health Minister Simeon Brown has ordered a review into how the company handled the breach. He said the incident is worrying and stressed the need to strengthen the protection of health data.
Authorities say investigations are ongoing, and efforts are being made to prevent similar cyberattacks in the future.
