New Zealand's Health Sector Under Siege: A Ransomware Crisis
The recent hack on New Zealand's ManageMyHealth portal has sent shockwaves through the country, but is it the worst cyberattack in the nation's history? With over 400,000 documents at stake, the incident has sparked a government review, leaving many to wonder: how secure is our health data?
The ManageMyHealth Hack:
The story begins with a ransom demand. Hackers threatened to release sensitive information from approximately 126,000 patients unless a private company paid $60,000 by a set deadline. This breach has triggered a government investigation into security measures and potential improvements.
ManageMyHealth is taking legal action to prevent public disclosure of patient data and is working to notify affected individuals. They're collaborating with Health NZ, the Ministry, the Privacy Commissioner, and General Practice to mitigate ongoing risks.
The Rising Threat:
The National Cyber Security Centre's (NCSC) latest report highlights a disturbing trend: the commercialization of cybercrime. New Zealand's known vulnerabilities are providing easy access to threat actors. In the 2024/25 year, over 40% of incidents handled by NCSC had criminal or financial motivations, a significant increase from the previous year. Financial losses soared, and the number of criminally motivated attacks more than doubled.
The Waikato DHB Attack:
One of the most notorious attacks on New Zealand's health sector occurred in May 2021. Hackers paralyzed services at five hospitals by taking down the District Health Board's servers. Weeks later, they leaked private data from thousands of patients and employees on the dark web. This attack, like the ManageMyHealth breach, utilized ransomware to shut down internal systems.
The Tonga Health System Breach:
In June 2025, Tonga's health system was held hostage for nearly a month by hackers demanding a $1 million ransom. Tonga refused to pay and sought assistance from Australia to restore their system. Patients were asked to bring handwritten notes as their digital records were inaccessible.
Case Study: A Successful Defense:
The NCSC report highlights a case where strong security and swift action prevented a ransomware attack in the health sector. The organization's IT provider took immediate steps, including changing credentials and deploying extra security measures. The report emphasizes the importance of multi-factor authentication (MFA), which was lacking and allowed the hacker to gain access. Fortunately, frequent system backups enabled the organization to recover quickly.
Global Attacks, Local Impact:
The WannaCry attack in 2017 locked down computers worldwide, affecting over 300,000 machines in 150 countries. The UK's health service was hit hard, with thousands of appointments canceled. In New Zealand, the Lyttelton Port was shut down as a precaution. This attack exposed vulnerabilities in medical device management, which experts warned would be a challenge for health boards.
Beyond Health Data:
New Zealanders have also been affected by breaches in other sectors. In 2025, a hack on Qantas exposed personal data of millions of customers, including New Zealanders. The Nissan cyber attack in 2024 compromised data from 100,000 customers in Australia and New Zealand. These incidents highlight the widespread impact of cyberattacks.
Supply Chain Hacks:
The NCSC report identifies a growing trend of "supply chain hacks" targeting third-party suppliers. In 2022, an attack on Mercury IT, a provider for Health NZ and the Ministry of Justice, resulted in the loss of access to health and coronial files. Similarly, mortgage broking firm Squirrel was targeted, exposing passport and driver's license details of investors.
Political Intrigue:
In 2024, Senior Minister Judith Collins revealed that the Parliamentary Service and Parliamentary Counsel Office were allegedly targeted in 2021 by a Chinese-linked group. This followed an earlier accusation by her predecessor, who blamed China for an attack on Microsoft Exchange email software. China has denied these claims, calling them groundless and irresponsible.
The NZX Attack:
In August 2020, the New Zealand stock exchange faced repeated Distributed Denial of Service (DDoS) attacks, disrupting trading for days. These attacks leverage large volumes of internet traffic to overwhelm targets and have been used to demand ransoms.
Unintentional Glitches, Global Impact:
The Crowdstrike incident in 2024, caused by errant code in a security update, disrupted services worldwide, including airlines, healthcare, and transport networks. New Zealand was affected but avoided some of the worst consequences.
As cyber threats evolve, New Zealand's health sector and beyond must adapt. The question remains: how can we stay one step ahead of these ever-evolving threats? Share your thoughts on the country's cybersecurity challenges and potential solutions in the comments below.
