CYBER EMERGENCY: Hackers Slash Deadline to 48 Hours for ‘Manage My Health’ Ransom
Original Reporting by: Stuff Reporters First Published by: Stuff (January 4, 2026)
By Lions Roar News Tech & Security Desk
AUCKLAND, NZ (January 4, 2026) — The cyber crisis surrounding Manage My Health has taken a terrifying turn today as hackers have drastically shortened the deadline for a ransom payment. The group responsible now threatens to release the sensitive medical records of 120,000 New Zealanders within the next 48 hours.
The attack, which began on December 30, has already seen “deeply personal” files leaked onto the dark web as a warning. While the initial deadline for the US$60,000 ($104,000) ransom was set for January 15, that timeline has now been scrapped in favor of an immediate ultimatum.
⏳ The 48-Hour Ultimatum
On Sunday morning, a dark web account linked to the hackers, known as “Kazu Breach,” posted a chilling update:
“If they do not pay the ransom within the next 48 hours, we will leak everything.”
This sudden escalation puts immense pressure on Manage My Health and national security agencies. The health portal is a cornerstone of New Zealand’s digital healthcare infrastructure, used by approximately 1.8 million Kiwis to manage prescriptions, lab results, and appointments.
⚖️ Manage My Health & Police Response
Manage My Health has remained firm on its stance regarding the ransom, stating that such negotiations are a matter for the New Zealand Police.
A spokesperson for the portal told Stuff that they are initiating legal action to protect client data, stating that “any private data posted online without permission will be subject to takedown orders.” However, experts note that once data is disseminated across the dark web, “takedown orders” are notoriously difficult to enforce.
🛡️ What Users Need to Do NOW
With the 48-hour clock ticking, Manage My Health is urging its 1.8 million users to take immediate defensive steps:
- Reset Passwords: Change your Manage My Health password immediately.
- Enable 2FA: Turn on Two-Factor Authentication (2FA) for added security.
- Monitor Medical Activity: Be on high alert for unusual medical bills, insurance claims, or unexpected letters from healthcare providers.
- Report Suspicious Calls: If you receive “phishing” calls or emails, report them to CERT NZ (cert.govt.nz) or the NZ Police (police.govt.nz).
