Source: Radio New Zealand
The hackers, calling themselves ‘Kazu’, have now taken down all posts relating to the Manage My Health hack. Supplied
Explainer – The hackers behind the cyber attack on Manage My Health have a track record of targeting other institutions – from the Nepali police to a US medical records company.
The cyber attack on Manage My Health has dominated local headlines since New Year’s Eve.
The ransomware group behind the attack, Kazu, demanded $US60,000 after hundreds of thousands of medical files were stolen from the country’s largest patient portal.
More than 120,000 of its users have been affected by the massive data breach.
It was believed the deadline to pay expired at 5.37am on Tuesday, however unverified reports now appear to put the new deadline at 5am on Friday morning. The hacker has not leaked any further data since initially releasing a sample of the stolen documents on December 30.
But who are Kazu? And just how prolific are the hackers?
Firstly, it’s unclear if Kazu is a single hacker or a group.
In July 2025, a digital forensics and cyber security company in Nepal reported a hacker going by the name Kazu allegedly stole 1.4TB of data from the Nepali Ministry of Education, Science, and Technology, including student information and academic transcripts.
RNZ / Finn Blackwell
The company, Cyber Alert Nepal, reported the data was posted publicly after demands were ignored.
Nepali media reported that local police lost photos, passports, and personal identification information of Nepali citizens in another hack.
Four months later, the Doctor Alliance in Dallas, Texas, was targeted, after a hacker – also calling themselves Kazu – claimed to have stolen 1.24 million files, demanding $US200,000 as ransom, according to an American HIPAA Journal.
The journal also said Kazu had targeted victims in Argentina, Bolivia, Costa Rica, Iran, Mauritania, Mexico, Sri Lanka, Thailand, and Venezuela.
A ransomware tracking website also claimed Kazu had targeted the Colombian National Civil Service Commission, as well as companies in Saudi Arabia and the UK.
A messaging platform attributed to Kazu lists a number of prior targets from 2025.
The channel appears to include the leaks from Nepal, and the Doctor Alliance, as well as the Colombian Ombudsman, the Thai Department of Agricultural Extension, the Kuwait Ministry of Public Works, and the Bolivian Navy and many more.
Alleged samples of the data have also been posted on the channel.
There was also a post from 6 January, in which Kazu wrote ‘Free Nicolás Maduro !!!!!’, following the capture of the Venezuelan President by the United States last week.
The author of the account claims to be in Cuba, according to a now deleted post.
Meanwhile in New Zealand, Manage My Health has been granted a High Court injunction preventing anyone from accessing or sharing the stolen data.
All posts referring to the Manage My Health hack have been removed from an account purporting to be used by Kazu on Wednesday morning.
Official advice from the Department of the Prime Minister and Cabinet strongly discouraged paying out ransoms to cyber criminals, and urged anyone targeted to report ransoms to the relevant agencies.
Cabinet agreed government agencies would not pay cyber ransoms.
“Paying a ransom does not guarantee the end of an incident, or the removal of malicious software. It does not guarantee that you will get your data back.
“Paying a ransom does create a financial incentive for criminals to continue or expand their activities, including potentially targeting you again.”
The government said any payments to a group operating from a sanctioned state may violate the Russia Sanctions Act 2022 or the United Nations Act 1946.
Those in breach face up to seven years in prison and/or a fine of $100,000 for individuals, and a fine of up to $1 million for organisations.
When asked by RNZ if they had encountered Kazu before, police said they were not in a position to provide comment.
Sign up for Ngā Pitopito Kōrero, a daily newsletter curated by our editors and delivered straight to your inbox every weekday.
– Published by EveningReport.nz and AsiaPacificReport.nz, see: MIL OSI in partnership with Radio New Zealand
