The Ransomware Attack on Manage My Health
New Zealand’s leading health management platform, Manage My Health, has recently fallen victim to a ransomware attack that marks a troubling chapter in the nation’s cybersecurity landscape. The incident involves the potential exposure of more than 400,000 documents connected to approximately 126,000 patients, with the attackers demanding a ransom of $60,000 by 5 AM on Tuesday or they will release the stolen data.
This breach has prompted a government investigation into the security measures currently in place, examining whether they are sufficient and what improvements to recommend. As part of the response, Manage My Health is seeking a legal injunction to prevent the public release of the compromised information, while actively notifying affected individuals.
To tackle the threat, the company is collaborating with Health NZ, the Ministry of Health, and the Privacy Commissioner, as well as general practitioners, to ensure that ongoing risks are mitigated. The National Cyber Security Centre (NCSC) recently highlighted the troubling trend of cybercrime commercialization in its latest Cyber Threat Report.
During the 2024/25 reporting period, more than 40% of incidents managed by the NCSC were attributed to criminal motives, a stark contrast to the 25% linked to state-sponsored actors. Financially driven cyberattacks surged, with losses reported to have increased from $26.9 million to $21.6 million compared to the previous year. The NCSC cautions victims against complying with ransom demands, noting that many who do not recover their data often face further extortion regarding sensitive information.
The report also highlighted the rising threats stemming from artificial intelligence, which makes breaking into systems simpler even for less technically skilled actors. The speed and scope of these AI-driven assaults pose significant challenges to traditional security defenses, underlining the need for robust cybersecurity hygiene. A proactive response must consistently outpace the threat posed by automation, as the stakes escalate.
Such breaches invite comparisons to other significant security incidents in New Zealand. For example, the Waikato District Health Board’s attack in May 2021 incapacitated services across five hospitals and resulted in sensitive information about thousands being leaked on the dark web. Despite prior warnings about outdated security measures, the DHB found itself incapacitated for weeks, struggling to restore normal operations.
Examining Past Cybersecurity Incidents
The incident recalls similar breaches in the region, such as the ransomware attack on Tonga’s health system in June 2022, during which the hospital’s operations were brought to a standstill for nearly a month by a $1 million ransom demand. This prompted Australia to step in and assist in restoring clinical functionality while patients were advised to revert to handwritten records.
Successful recovery from ransomware attacks often relies on diligent groundwork. A case highlighted in the NCSC’s report described how an organization mitigated damage following a ransomware breach. Although unauthorized access was gained due to a lack of multi-factor authentication, timely backups allowed a rapid restoration of services.
In contrast, the WannaCry incident of May 2017 exemplified the widespread disruption that can stem from such attacks. Affecting over 300,000 computers across 150 nations and targeting the UK’s National Health Service, this attack severely hindered hospital operations, resulting in substantial cancellations and lost appointments.
The ramifications of such attacks extend beyond healthcare. Notably, incidents affecting the financial sector and other industries reveal the pervasive nature of cybersecurity vulnerabilities. The 2023 Latitude Financial breach, which impacted over 14 million records, and the 2024 Nissan cyber assault illustrate the variety of sectors grappling with potential exposure.
As the landscape of cyber threats evolves, business owners must remain vigilant and informed about the techniques adversaries may employ. Insights from the MITRE ATT&CK matrix indicate that tactics such as initial access—through phishing or exploitation of vulnerabilities—persistence, and privilege escalation could be relevant in understanding how attackers orchestrated their strategies during these breaches. Protecting sensitive data requires comprehensive strategies that not only address current vulnerabilities but also ensure robust defenses against future incursions.