In mid-May 2021 hospital computer systems and phone lines run by the Waikato District Health Board (DHB) in New Zealand were affected by a ransomware attack.
On 25 May, an unidentified group claimed responsibility for the hack and issued an ultimatum to the Waikato DHB, having obtained sensitive data about patients, staff and finances.
[3] On 27 May, senior Waikato DHB officials confirmed that hackers had seized patient and staff details and that files sent to several media including The New Zealand Herald contained genuine information.
[7] On 26 May, an unidentified doctor claimed that seriously ill cancer patients could be flown to Australia for treatment due to the disruption and potential data breach caused by the Waikato DHB cyber attack.
[10][11] In addition, restoration work was being done to salvage data from the Waikato DHB's inpatient management system and diagnostic services from its radiology and lab departments.
[12][13] On 29 June, Radio New Zealand and Stuff reported that a list of documents containing sensitive information including correspondence, medical records, and financial data had been released on the dark web.
In response, the Waikato DHB confirmed that it had contacted affected patients and was working with cybersecurity experts to identify and manage any potential disclosures.
[15] The following day, the Privacy Commissioner confirmed that the Waikato DHB would not be fined for patient data being hacked but that the health body may faced liability if harm was caused by it.