Manage My Health Data Breach: 400,000 Files Stolen as Experts Warn of Scams and Victim Trauma

By Lions Roar News Investigative Team

AUCKLAND, NZ (January 6, 2026) — New Zealand’s healthcare sector is on high alert as the fallout from the massive Manage My Health data breach intensifies. With over 400,000 sensitive documents stolen and a ransom deadline looming, security experts and victim advocates are warning that the danger extends far beyond mere data loss.

While the initial Tuesday morning ransom deadline of US$60,000 has passed without a public data dump, unverified reports suggest a new deadline has been set for 5:00 AM this Friday.

🛡️ Netsafe’s Warning: Beware the “Raised Level of Suspicion”

Netsafe’s Chief Online Safety Officer, Sean Lyons, has issued an urgent warning to all Manage My Health users. Hackers are expected to use the stolen data—which includes names, addresses, dates of birth, and potentially passport scans—to craft highly convincing phishing scams.

• The Tactic: Scammers may include your specific private details (like your NHI number) to pose as your GP or a government agency.
• The Goal: To trick you into providing more information or paying money under the guise of “securing” your account or avoiding legal action.
• Advice: “Don’t give in to the pressure,” says Lyons. If you receive a suspicious email, contact your GP or the relevant agency directly using a verified phone number—never use the contact methods provided in the suspicious email.

💔 The Human Cost: Terror for Trauma Survivors

Beyond the technical risks, advocate Claire Buckley highlights a “shocking” potential for re-traumatization. For the 120,000 people directly affected, the breach isn’t just about identity theft—it’s about physical safety.

• Ongoing Terror: Victims of sexual violence and family harm are living in fear that their addresses or graphic medical notes could be leaked to the dark web or accessed by abusive ex-partners.
• Clinical Impact: There are growing fears that this breach will discourage survivors from being honest with their doctors. “People in desperate need might not want their information stored on a system they can’t trust,” Buckley warned.
• The Ransom Dilemma: While victims often plead for the ransom to be paid to protect their privacy, experts warn this fuels a “vicious cycle” that encourages hackers to target medical platforms again.

📑 Current Status and Accountability

Manage My Health has identified the specific general practices affected but has not yet confirmed when individual patients will be notified. The company has apologized for the “pain and anxiety” caused and promised daily updates moving forward.

“Our priority was to secure patient data and work on the accuracy of all information before providing it to practices and patients,” a spokesperson stated, adding that the ransom demand is now a matter for the police.