About 430,000 patient documents, some dating back to 2017, were stolen in a cyber attack against the medical portal Manage My Health.  The documents potentially covered 127,000 New Zealanders, many in Northland, whose personal information is now in the hands of an extortionist operating on the dark web.  Further details of the scale of the data breach have been revealed in court documents as the High Court works swiftly to help companies involved in two separate cyber attacks to try to contain the damage.  In the past two days, judges have issued injunctions in favour of Manage My Health and the local networking website Neighbourly, which were both subject to cyber attacks which became public last week.  Court documents reveal that, in the case of Manage My Health, the data breach included information from 45 GP practices based in Northland.  However, the stolen information also involved 355 “referral-originating” medical practices across several regions.  The information taken included clinical discharge summaries, referrals and related files, and information uploaded to the system by patients.  Some of the information covered historical clinical referral records dating from between 2017 and 2019.  The number of patients involved – around 127,000 – is consistent with Manage My Health’s public comment that 6 to 7% of the portal’s 1.8 million registered users had been affected.  The hacker claiming to be behind the breach says a negotiator is working with the company to get a ransom paid before a deadline originally set at January 15, but which has since shifted.  “Don’t worry, this will be over soon, and everyone will be satisfied,” the person identifying as the hacker Kazu told the Herald through the Telegram messaging app.  Manage My Health’s application for an injunction shows that its systems were breached by an automated hacking attack.  This involved “abnormally high-frequency login activity” with repeated authentication attempts and the use of rotating IP addresses to hide the source of attack.  “These access patterns are consistent with automated extraction methods used by hackers in other cyber attacks,” Justice Andru Isac said in granting the urgent injunction to the company.  The injunction aimed to stop “all persons from accessing or in any way dealing with the stolen data, including storing, broadcasting, publishing, sharing, disclosing, or using any information taken from the stolen data”.  Anyone in possession of the information was required to delete it.  The injunction is enforceable within New Zealand but much of the murky world of the dark web lies outside New Zealand and its courts’ jurisdiction.  Neighbourly attack involved 150Gb of data  Neighbourly was advised that some of its data was for sale on the dark web on New Year’s Day.  Its site was temporarily shut down while the company dealt with the vulnerability which allowed the data breach.  Neighbourly is owned by Stuff Ltd, which also owns stuff.co.nz with TradeMe.  The site’s members use it to interact on community issues such as local events, crime and safety, council issues, neighbourhood watch, babysitting and lost pets.  In its application for a High Court injunction over misuse of its data, Neighbourly said about 150 gigabytes of information had been stolen on a specific “occasion” when the vulnerability was exploited.  This was consistent with a listing on the dark web which claimed to have 213 million lines of data available, including members’ contact details, platform interactions and direct messages.  Justice David Johnstone issued Neighbourly with an injunction which said no one could use the data stolen from Neighbourly, must delete it immediately and permanently, and take down any links to or publications of the information.  Ric Stevens spent many years working for the former New Zealand Press Association...