Documents from Waikato District Health Board appear to have been released onto the dark web after the ransomware attack that crippled five hospitals' IT systems in May.
RNZ has been shown screenshots of what appears to be a link to a directory of sensitive information.
The list of documents suggests it includes data of patients and staff.
It has been six weeks since a ransomware attack crippled its systems and forced a massive overhaul of its operations.
The ransomware attack brought the DHB's hospitals and services to a grinding halt and staff have had to resort to manual workarounds to continue caring for patients.
Some people needing specialist treatment have had to travel to other DHBs.
IT security expert Daniel Ayers told Midday Report he had a look at the file structure - without viewing personal information - and confirmed it is from the DHB.
He said the documents included correspondence, medical records, and financial data.
"I do note that some of the material in this leak does match some of the information that was previously released to media."
He said this could be an act of retaliation for the ransom not being paid.
"There's a substantial amount of information here and the fact that it is being made public is obviously concerning."