New Zealand Investigates ManageMyHealth Data Breach

  • Government Response: New Zealand’s health minister has mandated a formal inquiry into a serious cyberattack on the ManageMyHealth platform.

  • Patient Data Compromised: The breach may involve over 100,000 patients, with claims that the stolen data includes sensitive information such as passport scans, body images, and other health records.

  • Ransom Demands: The threat actor, identified as “Kazu,” has taken responsibility for the attack, demanding a ransom of $60,000 while threatening to release the compromised data.

The New Zealand government is investigating a major data breach involving the ManageMyHealth platform. Health Minister Simeon Brown has called for a comprehensive review of the cyber incident, which has affected a private health system utilized by healthcare providers nationwide to manage the records of approximately 1.8 million individuals.

This breach is projected to impact over 100,000 patients, triggering an immediate and extensive governmental response aimed at aiding the affected company and comprehensively assessing the ramifications of the incident.

Details of the Cybersecurity Incident

The cyberattack was publicly claimed by an adversary operating under the alias “Kazu,” who made an announcement in a cybercrime forum on December 30, subsequently sharing samples via Telegram, as reported by RNZ. This individual reportedly accessed the medical documents section of the ManageMyHealth application, extracting over 428,000 files and issuing a ransom demand of $60,000.

An independent IT consultant who analyzed initial data samples says the potentially exposed information is extremely sensitive, including passport scans, clinical notes, lab results, and nude patient images. Although ManageMyHealth has not verified the exact types of data exposed, it has disclosed that about 7% of patients have been affected and has sought a legal injunction to prevent further dissemination of any leaked content.

Implications for New Zealand Cybersecurity

This significant healthcare data breach has thrown New Zealand’s cybersecurity protocols into stark relief. Minister Brown has expressed profound concern regarding the exposure of such sensitive personal health information, emphasizing the critical need for enhanced security measures. He stated, “This is a major wake-up call regarding the safeguarding of private health data, which must be secured effectively to maintain patient trust.”

ManageMyHealth has engaged independent cybersecurity experts and is actively coordinating efforts with the Privacy Commissioner, New Zealand Police, and Health New Zealand to address the breach. This incident parallels recent cybersecurity challenges faced by other organizations, such as the NHS Tech Provider DXS International, which confirmed a data breach attributed to the DevMan Ransomware group last month.

Viewed through the MITRE ATT&CK framework, adversaries may have employed several techniques during this breach. Initial access might have been achieved through phishing or exploitation of software vulnerabilities. Persistent access could have been maintained through backdoors, and privilege escalation techniques might have been employed to navigate sensitive systems and extract data from them. Such tactics highlight the critical need for bolstered cybersecurity measures within the healthcare sector, where the stakes involve both personal health information and patient trust.
