This week, the New Zealand government acknowledged that companies and public bodies in the nation had been affected by a ransomware attack on the managed service provider (MSP) Mercury IT. This small company, with only 25 employees, offers cybersecurity, IT, telecom, and support services to several enterprises around the nation.
Accuro, a private health insurance company, stated on December 1 that a cyberattack on Mercury IT had blocked access to key systems, although it had no proof that data had been stolen. “For the time being, our systems remain offline which will impact services and we request your patience as we work towards a solution,” said the company.
Mercury IT was the target of a ransomware attack, according to the privacy commissioner for New Zealand, who made the announcement on Tuesday, December 6. The exact number of impacted firms is yet unknown. The event was brought to the commissioner’s attention on November 30. The privacy commissioner emphasized that urgent work is being done to determine the number of companies affected, the type of information involved, and the extent to which any information has been copied out of the system.
On Tuesday, New Zealand’s health ministry Te Whatu Ora said that the incident is limiting access to some patient data, including over 8,500 records from Middlemore Hospital in Auckland and nearly 5,500 records from the Cardiac Inherited Disease Registry. Although the mentioned records are temporarily unavailable, there is currently no proof that they have been downloaded or accessed without authorization.
The ministry also disclosed that six health regulatory bodies, including the New Zealand Psychologists Board, the Dietitians Board, the Chiropractic Board, the Podiatrists Board, the Optometrists and Dispensing Opticians Board of New Zealand, and the Physiotherapy Board of New Zealand, were affected by the ransomware attack.
According to co-founder and CTO of AttackIQ Stephan Chenette, this attack comes after a slew of well-publicized cyberattacks on hospitals, including one earlier this week that resulted in the closure of the French hospital André-Mignot’s phone and computer systems. Unfortunately, the attack affected many other government agencies, including the Ministry of Justice.