The Privacy Commissioner is warning that criminals responsible for a crippling ransomware attack on Waikato DHB are likely to release further personal information about patients.
John Edwards is asking people to "do the right thing" if they are sent people's personal details as a result of the breach.
Last week's cyber attack crippled the DHB's IT systems and significantly disrupted health services.
Cancer patients are being transferred around the country for treatment and non-urgent elective surgery has been postponed.
DHB bosses have confirmed that the hackers seized patient and staff information. Some files which contained the personal details of patients were sent to various NZ media outlets, including the Herald.
Edwards advised the public to inform the Ministry of Health or police if they are sent personal information, either about themselves or others, and seek advice on whether to delete it.
He warned that the hackers were likely to publish and circulate the information further.
"The information that has been taken is likely to be sensitive personal information. This is likely to be causing a great deal of anxiety to the people affected.
"It is vital that people respect the personal information of others. Treat the information as you would expect others to treat yours if it were disclosed to you. If you receive personal information which is about other people, you should inform the Ministry of Health and NZ Police."
Several media agencies were contacted this week by a group claiming responsibility for the cyber attack, via an email with attached files containing patient and staff information. The Herald has provided the email to police.