What does the latest cyber hack teach us

What does the latest cyber hack teach us

Is data ever safe? What does the latest hack teach us?

The recent Manage My Health hack has put cybersecurity front and centre for the beginning of 2026.

Associate Professor of Computer and Information Science, Kenneth Johnson, says wherever there is data, there is a risk it will leak.

"That's as true of the analog or physical world as it is of the digital world. Just last year there was a news story about a mayoral desk stuffed with secret files being accidentally sold to a man at a local tip shop. Physical notes can be stolen or misplaced - writing stuff down or gathering data carries risk."

However, Ken points out that there is obviously a benefit to data - you wouldn't want a GP who doesn't take notes of your health and treatment for example - the key is how that data is stored and protected.

"Cybersecurity is extremely hard. Defenders of the system need to succeed 100% of the time. As an attacker, you only need to succeed once. Given what the hacker in the Manage My Health case has said to a journalist, hacking data for ransom is a viable business model. So, the risk will always be there.

"Cyber attacks are a big deal. They cost New Zealanders an estimated 1.6 billion last year and threats are significant across all industries.

"All our private data is valuable to criminals who can use it for identity theft. Broadly speaking, health-care data contains confidential medical records with sensitive information which we feel would be a violation to us if it was to be released."

Ken says both individuals and organisations should take as many steps as possible to protect their data. "In the Manage My Health hack it became clear that two factor authentication was optional. If at all possible, you should use two factor authentication for any tool that offers it to you - whether it's your health app or a fast-food app."

Tips to keep your data safe

Own Your Online is a set of resources for both individuals and businesses to help protect them from scams and cyber attacks. Provided by the National Cyber Security Centre, it offers advice for those affected by hacks as well as preventative tips to keep your data safe.

"Things like using a password manager and having different, hard to guess passwords for every account, and using two or multi factor authentication are really important. As more and more services are digitalised, we need to make sure people have enough awareness to protect their sensitive data," says Ken.

Quick security steps

• Create strong passwords
• Use two-factor authentication (2FA)
• Turn on auto updates on your apps and devices
• Set your social media settings to private
• Think before you click
• Check how exposed you are

The risks of AI in cyber attacks

Generative-AI may be assisting cyber criminals by helping design malware programs to help attackers gain unauthorised access to computer systems, writing convincing phishing emails, scraping personal data from social media to help guess user passwords or impersonating the voice of a close contact of the target to urge them to send money. However, Ken points out the cybersecurity experts can also use the same generative AI technology to defend systems.

"AI could be useful for cybersecurity by simplifying technical issues for non-technical staff for quicker decision-making, finding patterns in system monitoring data that indicate suspicious activity and writing programs to automatically remove system vulnerabilities."

Some basics

Cyber attacks that involve ransoms should be reported to NZ Police. An injunction with the High Court then means that anyone accessing the ransomed data could be prosecuted.

Under the Privacy Act 2020, any organisation or business that has a privacy breach that either has caused (or is likely to cause) anyone serious harm, they must notify the Privacy Commissioner and any affected people as soon as they are practically able.

End of the age of passwords?

As it becomes more difficult to keep data safe, we should also ponder what might replace passwords, and whether they're more secure, says Ken.

"Biometrics like facial recognition or fingerprint scans are becoming much more common as an alternative to passwords, but they're not necessarily perfectly secure. Could this data be misused?

"Ultimately we need to consider the risks and benefits of technology and the corresponding security. We're not talking about a highly regulated environment like aviation, where if something goes wrong, it goes really wrong.

"We have limited ability to 'opt out' of technological systems that underpin our world and so we're all a little bit at risk. Nothing is foolproof. Online life is useful to us - we like being able to buy things online, and there is a security tradeoff that goes along side that, so we need to accept some risk while taking steps to keep our data secure."