Justice for Patients: Cybersecurity Group Identifies “Kazu” Hacker in Manage My Health Breach
By Lions Roar Aotearoa Cyber-Security Bureau
AUCKLAND, NEW ZEALAND (Friday, January 30, 2026) — In a dramatic breakthrough following one of the most significant privacy breaches in New Zealand’s history, an international cybersecurity task force claims to have unmasked the individual responsible for the Manage My Health data heist.
The hacker, operating under the alias “Kazu,” has been the subject of a global manhunt since breaching the privately-owned patient records portal and demanding a US$60,000 ransom to withhold the sensitive medical data of thousands of New Zealanders.
🕵️ The Investigation: Tracking “Kazu”
The International Online Crime Coordination Centre (IOC3), a group dedicated to fighting online harm such as fraud and extremism, has been tracking the hacker across the digital landscape.
- Identity Found: IOC3 Executive Director Caden Scott confirmed the group has identified the person behind the “Kazu” persona.
- Global Menace: Scott revealed that Manage My Health was not a standalone target; the individual is believed to have attacked numerous institutions globally.
- Alerting Authorities: The group has shared their findings with the New Zealand Police and the National Cyber Security Centre (NCSC) but is withholding the suspect’s name to prevent them from “going underground.”
🛡️ The Legal and Official Response
New Zealand authorities are currently in a race to mitigate the damage while building a solid case for prosecution.
- High Court Injunction: Manage My Health successfully obtained an injunction that legally prohibits anyone from accessing, downloading, or sharing the stolen data samples.
- Government Attribution: NCSC Chief Operating Officer Mike Jagusch stated that while they are aware of the identification claims, formal “attribution” is a complex process. The government must have a high level of confidence before publicly naming a malicious actor.
- The “No Ransom” Policy: IOC3 and the NCSC strongly advise against paying ransoms. “Paying doesn’t guarantee the data won’t be leaked,” Scott warned. “They might take your money and sell the database anyway.”
📊 Impact of the Breach
| Feature | Details |
| Primary Target | Manage My Health (Patient Records Portal) |
| Stolen Data | Highly sensitive medical history and personal info |
| Ransom Demand | US$60,000 |
| Legal Status | High Court Injunction in place |
| Current Lead | “Kazu” (Identified by IOC3; formal attribution pending) |
⚠️ What Should Victims Do?
Health officials urge anyone who uses Manage My Health to remain vigilant. If sensitive data has been leaked, it could be used for further exploitation, such as targeted phishing or identity theft.
“We definitely want justice,” says Caden Scott. “We want this person to be looked into and arrested as a result of their actions.”
