**Cybersecurity Group Identifies Person Behind Manage My Health Hack**
The massive data breach involving the Manage My Health portal has reached a critical juncture, as a cybersecurity group claims to have identified the individual responsible for the hack.
The International Online Crime Coordination Centre (IOC3) has been tracking the hacker, known by their alias "Kazu", who demanded US$60,000 in exchange for the stolen data. The breach is considered one of the largest in New Zealand's history, with hackers gaining access to sensitive health information held by Manage My Health.
Manage My Health was granted a High Court injunction preventing anyone from accessing or sharing the stolen data. Kazu had previously published samples of the leaked information online, but all posts referring to Manage My Health have since been removed from their page.
The IOC3 has shared its investigation with Radio New Zealand and has alerted the authorities. However, they are being cautious not to jeopardize a potential further investigation by naming the individual believed to be behind Kazu or revealing details that could compromise the probe.
"We're just mindful that we're still looking into this individual, and we don't want to mistakenly drive this person underground by making them aware that there are these kinds of investigations ongoing into them," said Caden Scott, executive director of IOC3.
Scott emphasized that they want justice served for the crimes committed. "We definitely want justice. We want this person to be looked into and this person to be arrested as a result of their actions. They've definitely committed a plethora of crimes there, and this isn't the only attack that they've done. They've attacked numerous other institutions from across the entire globe."
Scott also highlighted the vulnerability of health companies in dealing with ransom demands. "When you look at healthcare institutions, or anything like that, especially ones that hold a lot of people's very personal data, often times they don't really have that choice in paying the ransom or not paying the ransom," he said.
Scott encouraged victims of ransomware attacks not to pay the hackers. "Paying that ransom doesn't guarantee that the data isn't going to be leaked," he warned. "They might ask you for half-a-million dollars, you pay that, and then they decide: 'Well, can also sell this database to everyone as well and make even more money'."
The National Cyber Security Centre's chief operating officer Mike Jagusch confirmed that they were aware of information in the public domain identifying those who've claimed responsibility for the attack on Manage My Health. They are working with police, Health New Zealand, and other agencies to reduce the impact of the breach and prevent further exploitation of the leaked data.
**What's Next?**
The IOC3 and the National Cyber Security Centre will continue to work together to identify Kazu and bring them to justice. The public is advised not to engage with the hackers or pay any ransom demands.
In related news, Manage My Health has been accused of ignoring warnings about lax security systems. IT experts claim that the health portal ignored vulnerabilities for years due to a regulatory vacuum.
**Stay Informed**
Subscribe to Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.