Fraud Management & Cybercrime , Ransomware

Ransomware Attack in New Zealand Has Cascading Effects

Government Agencies and Private Sector Affected by Attack on IT Services Provider
Ransomware Attack in New Zealand Has Cascading Effects
The Auckland, New Zealand skyline (Image: Nadine Simoner/Pixabay)

A ransomware attack on a New Zealand third-party managed IT service provider affected several government agencies across the country - including the Ministry of Justice and the national health authority.

See Also: Defend Your Business Against Web-Based Threats

The Office of the Privacy Commissioner said "urgent work" is underway to understand the full impact of the incident. The third-party provider is Mercury IT, whose LinkedIn page describes it as a small business based in Wellington. It provides a wide range of IT services to customers throughout New Zealand, according to a one-page website on the company domain.

News of the incident began filtering to the public after Wellington-based private health insurer Accuro informed customers on Thursday of an incident at a third-party provider that may have affected the personal data of its 34,000 customers (see: New Zealand Health Insurer Investigates IT Provider Hack).

A spokesperson for the Office of the Privacy Commissioner told Information Security Media Group that Mercury IT is the constant behind this spate of service outages.

New Zealand’s National Cyber Security Center, Health New Zealand and the Ministry of Justice issued separate statements on Tuesday confirming the incident.

Government health services are running normally but clinicians in some areas of the country cannot access a registry of inherited cardiac diseases or bereavement care services. Approximately 8,500 bereavement records and 5,500 records on the cardiac disease register are unavailable.

Six other health regulatory authorities whose services are hosted by Mercury IT have also been affected. They include the Optometrists and Dispensing Opticians Board of New Zealand, the Chiropractic Board, the Podiatrists Board, the New Zealand Psychologists Board, the Dietitians Board, and the Physiotherapy Board of New Zealand.

The Ministry of Justice says the incident appears to have affected access to approximately 14,500 records relating to the transportation of deceased people and approximately 4,000 postmortem reports.

The New Zealand Herald reported that some private sector organizations may also be affected - including Business NZ, a lobbying organization. The organization's online domain currently displays a one-page website stating that it is "currently under maintenance."

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.