The group responsible for the ransomware attack released patient details to local media who passed the data on to the police.
Hackers who targeted hospitals in New Zealand's Waikato district have released what appears to be private patient information to media outlets, as health systems struggled to come back online more than a week after the attack.
A group claiming responsibility for the Waikato District Health Board cyberattack that took place last week released scores of official-looking records and documents containing names, phone numbers, and addresses of patients and staff, Radio New Zealand and other local media reported.
The media outlets decided not to report the details and referred the email to the police.
The outage of the health systems in Waikato continues, disrupting the treatment of patients and the payroll process of staff members.
The hospitals have now moved to manual processes to support a backlog of patients while the public was asked to look for alternative avenues for treatment for non-critical conditions.
Authorities would not comment on whether the cyber attackers had put forward any demands.
"We are aware that malicious actors can see what is being said in the media, and that this can influence their behaviour. On that basis, we can make no further comment on this," Waikato DHB Chief Executive Kevin Snee said in a statement.
The government has refused to pay any ransom to the hackers.
Waikato DHB cares for a population of more than 425,000 people.
The breach comes after Ireland's health service operator was hit by a ransomware attack that was executed by international cybercriminals.
But it was not clear if the attack in New Zealand was by the same group.
The US Federal Bureau of Investigation (FBI) said this week that the cybercriminals who hit the Irish health system used a malicious software dubbed "Conti" and had targeted at least 16 US medical and first response networks in the past year.
New Zealand's stock market was hit by a cyberattack last year and the central bank's data systems were also breached in an attack on a file sharing service provided by California-based Accellion.