Cyber Incident Victim: Tonga
Date:
Jun 2025
Location:
Tonga
Summary
The National Health Information System was encrypted by ransomware, prompting officials to shut it down and switch to manual operations while staff were unaware of the severity. The breach was disclosed during a parliamentary debate, leading the deputy prime minister to notify the Australian High Commission, which sent a cyber team to assist. Authorities confirmed the attackers demanded payment and warned that patient data remained inaccessible, though they could not yet determine whether any information had been exfiltrated. Government leaders urged investment in stronger IT defenses and asked residents to bring personal health records to hospitals to support the temporary manual workflow.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On June 1, 2025, Tonga’s National Health Information System (NHIS) was reported to have suffered a ransomware breach, according to Dr ʻAna ʻAkauʻola, who said the system had been shut down and staff moved to manual operations. The breach became known during a parliamentary debate on the MEIDECC budget when Deputy Prime Minister Dr Taniela Fusimalohi informed members of parliament about the intrusion. Dr ʻAkauʻola stated she had learned of the hack earlier in the week and immediately summoned system administrators, noting that the staff member responsible for the NHIS was unaware that the incident was a serious breach. She disclosed that the hackers had encrypted the NHIS and demanded payment, while assuring parliament that the attackers would not damage the information stored in the system. Dr ʻAkauʻola also said she emailed Dr Fusimalohi upon confirming the breach, prompting him to engage the Australian High Commission for assistance.
Dr Fusimalohi confirmed that an Australian cybersecurity team arrived in Tonga on the same day to help resolve the incident. The NHIS, which was first introduced in 2019 with support from the Asian Development Bank and went live in 2021, experienced its first ransomware attack. Dr ʻAkauʻola warned that such incidents are a risk ahead of full digitalisation, adding that patient data is currently inaccessible but that it cannot be confirmed whether confidential patient data was compromised during the hack. Minister for Police Paula Piukala welcomed the shift to manual processes but criticised previous governments for ignoring earlier warnings that Tonga’s digital infrastructure is not fully prepared for such threats, stating that the hackers are demanding millions of dollars and urging greater investment in IT infrastructure. Former Prime Minister Siaosi Sovaleni suggested the breach might have originated from a simple click on a malicious link, while noting that it remains unclear if patient data was exfiltrated.
Prime Minister ‘Aisake Eke said government efforts are underway and assured the public that updates will follow as the situation develops. In the meantime, residents have been urged via social media to bring essential health records to hospitals to assist with manual record‑keeping while the NHIS remains offline. Officials indicated that further updates are expected as the Australian cyber team works to restore full access to the National Health Information System.