Hackers claiming to have accessed the health records of more than 100,000 New Zealand have extended a ransom deadline, saying they want to build a “good reputation” in the cybercriminal community. The breach targeted the privately owned Manage My Health platform, which confirmed that 6% to 7% of its 1.8 million users had their data accessed.
Read More: Hacker attacks PFSA; 900 GB data infringed
The platform discovered the cyberattack on December 30 after being alerted by a partner. A Telegram user calling themselves “Kazu” claimed to have broken into over 428,000 files, offering samples for download and initially demanding a ransom of US$60,000 to prevent the release or sale of the data. The ransom deadline, originally set for Tuesday, has now been postponed to Friday.
MANAGE MY HEALTH HACKING RANSOM DEADLINE HAS PASSED….
Around 6am this morning (Tuesday) the deadline for paying hackers the ransom for (supposedly) securing the 400,000 plus personal medical files STOLEN, passed.
The ransom has not been paid and will not be paid.
Hackers… pic.twitter.com/TOUOYOUt6p
— NZ and the MRNA (@HopeRising19) January 5, 2026
“Kazu” insisted that the attack was financially motivated rather than politically driven, stating, “We know exactly how valuable health data is and how sensitive it can be… Our main goal is money and building a good reputation in the community.” The hacker also referenced global events in their posts, including the US capture of Venezuela’s president, though no political motive was claimed.
Manage My Health said patient medical records were accessed, but medical appointment and prescription information remained unaffected. The company has identified and notified affected patients, while a full update on ransom negotiations has not been provided.
New Zealand Health Minister Simeon Brown has ordered a review into the platform’s response to the breach, highlighting the importance of safeguarding sensitive medical information. “We need assurances around the protection and security of people’s health data,” Brown said. “We must learn from this incident to avoid any repeat events in the future.”
Read More: FBI warns of hackers using AI to impersonate US officials
Authorities have not identified the suspects, and investigations are ongoing, raising concerns over the security of private health data and potential risks from cybercrime in New Zealand.