Manage My Health: Why the Manage My Health hacker set a low ransom and what it says about NZ’s cyber risk - The Front Page

A major online security breach has raised concerns about the safety of our private information online.

Manage My Health’s health portal systems were compromised over the New Year holiday, putting the data of over 120,000 users at risk.

NZ Herald senior journalist David Fisher told The Front Page the individual who has claimed responsibility for the attack goes by the name “Kazu”.

“I contacted the person claiming to be the hacker and interviewed them via Telegram, the social messaging app. They have said that they had gone out on their own and prior to that had operated under a different handle.

“We do know that they have been involved in other hacks or that they have been the recipient of hacked information in the past. They’ve said to me that they have received payment for that and that it is a viable business model for them,” he said.

“Don’t worry, this will be over soon, and everyone will be satisfied,” the person identifying as the hacker Kazu told Fisher.

The ransom demand was set at US$60,000 ($103,500).

“We do know that Kazu claimed to be in negotiations last week ... It’s very often left unknown whether or not these payments are made, and there have been places in the past, not necessarily in New Zealand, that have denied making payments and then evidence has emerged later that they have done it.

“One of the things that was puzzling about the Kazu hack was that the amount of money was seen as very small for the sort of information that was available. I talked to Kazu about that, and what was relayed back to me was that that’s part of the model. Don’t make it too painful, make it easy,” he said.

Adam Burns, of security company Blackveil, told the Herald he voluntarily tested the website and app for his own interest after the hack was made public, and that he found flaws in both.

“From the research that I did, there were some big gaps that should have been plugged a long time ago.

“There are basic, fundamental domain issues ... There were a number of gaps that I would consider to be required for any organisation, but especially a health organisation dealing with patient records and such.

“This time of year, New Zealand becomes a target just because of the great Kiwi shutdown, so I don’t think we are much of a target until this time of year, and I’ve actually got data to prove that.

“With this news breaking, I would say we’ll be even more of a target now,” he said.

Listen to the full episode to hear more about:

• Weaknesses in online services
• A widespread, global problem
• Automation, AI, and the Wild West of the Internet
• What people can do to keep their information safe online.

The Front Page is a daily news podcast from the New Zealand Herald, available to listen to every weekday from 5am. The podcast is presented by Chelsea Daniels, an Auckland-based journalist with a background in world news and crime/justice reporting who joined NZME in 2016.

You can follow the podcast at iHeartRadio, Apple Podcasts, Spotify or wherever you get your podcasts.