Cyber Security Breach Hits ManageMyHealth: Over 400,000 Patient Files Allegedly Compromised
By Lions Roar News Desk | December 31, 2025
AUCKLAND — New Zealand’s primary patient portal, ManageMyHealth, is currently investigating a significant cyber security breach that has potentially exposed the sensitive medical data of hundreds of thousands of New Zealanders.
The portal, used by over 1.85 million Kiwis to book appointments and view medical records, confirmed “unauthorised access” to its systems in a statement released on its website on December 30.
The Breach: What We Know So Far
A notorious cyber-extortion group known as the Kazu Group has claimed responsibility for the attack. The group allegedly exfiltrated approximately 108 GB of data, totaling over 428,000 individual files.
According to reports from cybersecurity monitors, the stolen data is said to include:
- Personal Identity: Full names and contact details.
- Clinical Records: Detailed medical histories, lab test results, and prescription data.
- Communications: Private messages between patients and their healthcare providers.
- Schedules: Past and future appointment logs.
The hackers have reportedly set a ransom deadline of January 15, 2026, demanding payment to prevent the data from being leaked on the dark web.
ManageMyHealth Response
The service provider stated that it took immediate “containment steps” once the breach was identified. “We are working with our partners and relevant authorities and will provide further updates through formal statements as information is confirmed,” the company said.
ManagedMyHealth is currently coordinating with CERT NZ, the Privacy Commissioner, and Health New Zealand (Te Whatu Ora) to assess the full extent of the exposure.
What Should Patients Do?
While the investigation is ongoing, cyber experts recommend that all ManageMyHealth users take the following precautions immediately:
- Change Passwords: Update your ManageMyHealth password and ensure it is unique.
- Enable MFA: If available, turn on multi-factor authentication.
- Be Phishing-Aware: Watch for suspicious emails or texts claiming to be from health providers asking for personal details.
- Monitor Accounts: Keep a close eye on your bank accounts and identity for any unusual activity.
