If you want to develop your listening skills, try these tasks as you listen to the text. The answers are at the bottom of this page. Thanks to Natasha Groves for preparing the tasks.
If you want to listen and read, just scroll down to the text.
You can use the vocabulary list to check the meanings of some words before you listen.
Vocabulary
data breach – a situation in which private information can be seen by somebody who is not allowed to see it
patient (noun) – someone who is sick and sees a doctor or goes to hospital
prescription – medicine or treatment ordered by a doctor
hacker – a person who secretly used or changes the information in other people’s computer systems
ransom – in this context, money that is demanded to stop private data being published
flaw – a mistake or weakness
announce – to officially tell people something, especially a plan or decision
safeguard – to protect something from harm or damage
authentication – in this context, proving that it is really you trying to log in to a website
penalty – a punishment for breaking a law, rule, or legal agreement
court injunction – an order given by a court, which tells someone not to do something
Note that these words are explained in the text:
portal
general practices
two-factor authentication
Try these activities while listening
1. Listening for main ideas
First, just listen to the text, taking notes if you wish. What information can you catch during this first listening?
2. Now listen again and answer the following questions:
- What is Manage My Health and what does it do?
- What can patients do on Manage My Health?
- What did the hacker Kazu claim to have?
- Where were most of the affected patients based?
- What problems were there after the flaws had been fixed?
- What will the inquiry into the breach focus on?
- Why were data security experts very critical of Manage My Health’s security measures?
- What happened on 1 January?
News story
At the end of December, it was revealed that the website Manage My Health had been breached. Manage My Health is a private online health portal, which means it stores information for some doctors and patients. Some general practices (that is, medical clinics) use Manage My Health so that their patients can access their records, order repeat prescriptions, and make appointments. About 1.8 million users were registered on the portal in 2025.
On 30 December, a hacker called Kazu posted online that they had breached Manage My Health. They claimed that they had 108Gb of data, including names, medical records, test results, prescription details, and more. They demanded a ransom of US$60,000 (NZ$104,000). Between 31 December and 4 January Manage My Health confirmed the breach and reported that between 6 and 7 percent of its users may have been impacted. It fixed the flaws in its code on the website which allowed the breach, and it started to identify the general practices and people who were affected. Finally, on 10 January, Manage My Health revealed that most of the affected patients were based in Northland.
However, there were still several problems. According to a doctors’ organisation on 6 January, many general practices still did not know who was affected, and they were critical of Manage My Health’s communication. In addition, some patients were told that that their data had been taken and then were told that it had not been. Others found out that their medical information was still being added to Manage My Health, even though they stopped using it several years earlier. On 8 January, patients were told to change their password on the website, but then it crashed. As a result of these problems, many people reported feeling very anxious about the situation. Although Manage My Health is a private company, government agencies such as Health NZ, the National Cyber Security Centre, and the Office of the Privacy Commissioner have worked together to support Manage My Health and to advise affected people. On 21 January, the Privacy Commissioner announced an inquiry into the breach. It will focus on whether Manage My Health had appropriate security safeguards and how to prevent such an incident happening again.
Data security experts were very critical of Manage My Health’s security measures. Users could log in with only a password, whereas good security now involves two-factor authentication. That means that users need to confirm their identity in two ways, such as logging in with a password and then receiving a text or an email. Furthermore, privacy lawyers have commented that New Zealand needs to introduce tougher penalties for companies if they do not do enough to protect privacy.
Data breaches and cyber-attacks are more common at this time of year, during the holiday period in New Zealand. On 1 January, there was a data breach on a New Zealand social media site called Neighbourly, and some of the data appeared for sale on the dark web. However, the owner of Neighbourly, the media organisation Stuff, received a court injunction which prevents people from accessing or using the stolen data. Another private health provider, Canopy Health, revealed on 12 January that there was a major cyber-attack on its systems in July 2025. Patients were very unhappy that the company took so long to inform them.
Answers – you don’t have to write a complete sentence as long as you have the key idea in your answer.
a. What is Manage My Health and what does it do?
It is a private online health portal; it stores information for some doctors and patients
b. What can patients do on Manage My Health?
Access their records, order repeat prescriptions, and make appointments
c. What did the hacker Kazu claim to have?
108Gb of data, including names, medical records, test results, prescription details, and more
d. Where were most of the affected patients based?
Northland
e. What problems were there after the flaws had been fixed?
Many general practices still did not know who was affected; some patients were told that that their data had been taken and then were told that it had not been; others found out that their medical information was still being added to Manage My Health, even though they stopped using it several years earlier
f. What will the inquiry into the breach focus on?
Whether Manage My Health had appropriate security safeguards and how to prevent such an incident happening again
g. Why were data security experts very critical of Manage My Health’s security measures?
Users could log in with only a password, whereas good security now involves two-factor authentication.
h. What happened on 1 January?
There was a data breach on a New Zealand social media site called Neighbourly, and some of the data appeared for sale on the dark web.