A cyberattack on Manage My Health, a New Zealand healthcare provider, has exposed the sensitive personal data of thousands of patients, prompting a global investigation into the perpetrator known online as “Kazu.” The breach, which occurred earlier this month, underscores the escalating threat to healthcare institutions worldwide.
Ransomware Attack Exposes Patient Data, Fuels International Hunt
A sophisticated cybercriminal is targeting healthcare providers, raising concerns about data security and the ethics of paying ransom demands.
- The International Online Crime Co-ordination Centre (IOC3) is actively tracking “Kazu,” the individual believed to be responsible for the Manage My Health breach.
- Healthcare organizations are particularly vulnerable to ransomware attacks due to the critical nature of the data they hold.
- Experts advise against paying ransom demands, as it doesn’t guarantee data security and may encourage further attacks.
- Authorities are working to identify and arrest the individual behind the attacks, who has targeted institutions globally.
Q: What makes healthcare data so attractive to cybercriminals?
A: Healthcare institutions possess highly sensitive personal information, making them prime targets for ransomware attacks where the potential for financial gain is significant, and the consequences of data leaks are severe.
The International Online Crime Co-ordination Centre (IOC3) has been tracking “Kazu” following the breach. IOC3 executive director Caden Scott explained the delicate balance investigators face. “We’re just mindful that we’re still looking into this individual, and we don’t want to mistakenly drive this person underground by making them aware that there are these kinds of investigations ongoing into them,” Scott said.
Scott emphasized the severity of the situation, stating, “We definitely want justice. We want this person to be looked into and this person to be arrested as a result of their actions. They’ve definitely committed a plethora of crimes there, and this isn’t the only attack that they’ve done. They’ve attacked numerous other institutions from across the entire globe.”
According to Scott, healthcare organizations often have limited options when confronted with ransom demands. “When you look at healthcare institutions, or anything like that, especially ones that hold a lot of people’s very personal data, often times they don’t really have that choice in paying the ransom or not paying the ransom,” he said. “These are very sensitive topics and very sensitive information, so a lot of times it’s best to do whatever possible to stop that information getting out.”
IOC3 strongly discourages victims from paying ransom demands. “Paying that ransom doesn’t guarantee that the data isn’t going to be leaked,” Scott warned. “They might ask you for half a million dollars, you pay that, and then they decide: ‘Well, we can also sell this database to everyone as well and make even more money’.” He advocates for involving law enforcement instead.
The National Cyber Security Centre is also involved in the investigation. Its chief operating officer, Mike Jagusch, confirmed the agency is aware of publicly available information identifying those claiming responsibility for the attack on Manage My Health. Jagusch stated the Centre is collaborating with police, Health New Zealand, and other agencies to mitigate the breach’s impact and prevent further data exploitation.
“At the National Cyber Security Centre, we have a range of tools and information it uses to help establish the identity of malicious actors,” Jagusch said. “This process is called attribution, and it can be very complex. It requires significant analysis to have the necessary level of confidence to attribute activity to an actor or group.” He added that public attribution is a government-wide decision made when it serves the national interest.
Prior to this month, posts referencing Manage My Health had been removed from the page where “Kazu” had previously published samples of the leaked information.
