ManageMyHealth data breach exposes 126,000 patients health records

ManageMyHealth, New Zealand's largest patient information portal, has confirmed a data breach affecting between 108,000 and 126,000 users after a cybercrime group claimed to have stolen approximately 108 gigabytes of health data and demanded a $60,000 (NZ104,000) ransom. The breach, which occurred on New Year's Eve, targeted the platform's Health Documents module and may have exposed sensitive medical records, including diagnoses, prescriptions, and appointment histories for roughly 6% to 7% of the service's 1.8 million registered users.

What happened

On Tuesday, December 31, 2025, ManageMyHealth identified unauthorized access to its systems. The company confirmed the cyber security incident the following day, stating that containment steps had been taken and that the matter was under active investigation.

A cybercrime group calling itself "Kazu" has claimed responsibility for the attack, alleging it compromised approximately 108 gigabytes of information totaling over 400,000 files. The group has set a ransom demand of $60,000 to be paid by January 15, 2026.

ManageMyHealth later confirmed that the breach was limited to one module within the platform, Health Documents, rather than the entire application. The company engaged independent international forensic consultants to verify the solution and determine the extent of the compromised data.

Chief executive Vino Ramayah stated the company had notified the Office of the Privacy Commissioner and was working with authorities to meet obligations under privacy legislation. Police were also informed of the breach.

The big picture

ManageMyHealth serves as a digital health infrastructure across New Zealand, connecting patients with clinicians and enabling users to access medical records, book appointments, view test results, manage prescriptions, and communicate securely with healthcare providers. The platform is deeply integrated with GP practices and health clinics nationwide, making it central to how many New Zealanders manage their everyday health needs.

Why it matters

Medical records can contain diagnoses, treatment histories, prescription information, and contact details that criminals can exploit for identity theft, insurance fraud, or targeted extortion.

Cybersecurity expert Daniel Ayers described the breach as "catastrophic on the New Zealand scale," noting it appears significantly larger than the 2021 Waikato DHB ransomware attack that affected just over 4,000 people.

The ransomware threat adds urgency to the situation. Similar attacks on New Zealand health organizations, including the Waikato DHB incident, have demonstrated that threat actors will follow through on data publication threats when ransom demands go unmet.

What they're saying

ManageMyHealth CEO Vino Ramayah acknowledged the severity of the incident, "We understand how personal and sensitive health information is, and we recognise the stress an incident like this can cause. Our team is working hard to identify those affected, and to communicate directly and transparently."

Health Minister Simeon Brown described the breach as "concerning" but emphasized that government systems remained secure. "At this stage, there is no evidence any HNZ systems, including My Health Account, have been compromised as ManageMyHealth has separate systems. ManageMyHealth and government agencies are working closely together to fully understand the scope of the breach and to protect the privacy of patients."

Duty minister Karen Chhour called the breach "incredibly concerning" for patients, stating,  "The minister of health has asked for urgent assurances from Health NZ and Manage My Health that everything is being done to protect patient data and patient privacy. We also expect Manage My Health to communicate transparently to ensure public confidence in their product."

Dr. Luke Bradford, president of the College of GPs, criticized the lack of communication to healthcare providers, "It's terribly disappointing. They're an absolutely key tool that we use for patients. It allows patients to access their records and better manage their health, literally. But if their data's not safe, then their very personal information is not safe, and that's really concerning."

FAQs

What is a patient portal?

A patient portal is an online platform that gives patients secure access to their personal health information and healthcare services. These systems allow users to view medical records, test results, and prescriptions, book appointments, request medication refills, and communicate with healthcare providers. 

What is ransomware?

Ransomware is malicious software that encrypts an organization's files or steals data, with attackers demanding payment in exchange for decryption keys or to prevent publication of stolen information. Modern ransomware groups often employ "double extortion" tactics, both encrypting systems and threatening to release stolen data if demands are not met.

What is data exfiltration?

Data exfiltration refers to the unauthorized transfer or theft of data from an organization's systems. Attackers may copy sensitive information to external servers before deploying ransomware or demanding payment, allowing them to threaten publication of stolen data even if the victim restores systems from backups.