Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit - NZ Herald
Ransomware attacks: Privacy Commissioner plans investigation as Justice, Health hit
Chris Keall
By Chris Keall
6 Dec, 2022 04:50 AM
7 mins to read
Save
Share
0
Comments
Play Video
Baby blood donor battle, the Christmas spike targeting online shoppers and home for Christmas? Why your travel plans could be disrupted in the latest New Zealand Herald headlines. Video / NZ Herald
Privacy Commissioner Michael Webster is planning an investigation after Wellington-based IT provider Mercury IT was hit by a ransomware attack - potentially compromising sensitive data it hosts for multiple clients, including health insurer Accuro, BusinessNZ, the NZ National Nurses Association and the Ministry of Justice, with 15,000 Coroners Court files taken out.
The GCSB’s National Cyber Security Centre said government agencies whose data has been impacted include some providers contracted to Te Whatu Ora, Health NZ. The incident has not impacted the delivery of health services, the NCSC said.
The NCSC is leading the response, supported by the police and Cert NZ. The Herald first reported elements of the attack last Friday.
“There has been a cyber security incident involving a ransomware attack on Mercury IT. Mercury IT provides a wide range of IT services to customers across New Zealand,” the Privacy Commissioner’s office said.
ADVERTISEMENT
Advertise with NZME.
“This is an evolving situation. We were notified of the cyber security attack on November 30. Urgent work is underway to understand the number of organisations affected, the nature of the information involved and the extent to which any information has been copied out of the system.
Read More
Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves
“The Office of the Privacy Commissioner is planning on opening a compliance investigation into this incident so that it can make full use of its information-gathering powers. We encourage any clients of Mercury IT who have been impacted by this incident and who have not already been in touch with us to contact the Office of the Privacy Commissioner.”
In a statement, Mercury IT director Corry Tierney said:
“On 30 November 2022, we became aware that we were the victim of a cyber-incident after a malicious and unauthorised actor gained access to our server environment. This was immediately escalated to senior management. The incident was raised with relevant Government authorities, and we have engaged external specialist support. Our response to understand how this occurred, and address the impacts, is at an early stage; however, all possible steps have been taken to secure our environment. We are committed to supporting our impacted clients with their own investigations wherever possible and we apologise, sincerely, for the impact this attack has caused.”
ADVERTISEMENT
Advertise with NZME.
Through a spokesman, Tierney refused to answer any questions.
“We cannot provide further information on the impact and our mitigation at this time as the actors behind this incident, or others, can leverage any publicly available information,” he said.
This afternoon, the Ministry of Justice said a cyber attack had blocked access to 14,500 coronial files and around 4000 post-mortem examination reports, the Ministry of Justice has confirmed this afternoon.
Some 30,000 customers of health insurer Accuro have had personal data potentially exposed via the attack on Mercury IT.
Related articles
BUSINESS
Pinnacle Health hack: Sensitive files posted to the dark web
09 Oct 05:00 PM
BUSINESS
Revealed: The number of Kiwi businesses that would pay a cyber ransom
29 May 06:00 AM
NEW ZEALAND
Waikato DHB cyber attack: 4200 people's personal details disclosed on dark web
10 Sep 05:33 AM
BUSINESS
Spy agency says 170,000 cyberattacks launched on NZ
19 Sep 06:35 AM
The Nurses Association has some 55,000 members.
Read More
Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves
The Privacy Commissioner reminded businesses and organisations that a 2020 update to the Privacy Act means any data breach must be reported to his office.
And he warned people not to share any information spilled online. Instead, it should be reported to police.
“For individuals - be on the lookout for anything out of the ordinary. Watch out for suspicious texts, emails or unusual things happening with your accounts or records. Be particularly cautious of contact from an unknown source,” the Commissioner said. The agency has posted protection tips online here.
EARLIER:
At least three business organisations have had systems knocked offline after the IT provider they share was hit by a cyber attack, while another three have reported cyber incidents.
BusinessNZ’s website was offline Monday afternoon with an “under maintenance” message, while the Wellington Chamber of Commerce and its stablemate Business Central also had systems affected.
The Herald understands early indications are that only public-facing channels were involved, not servers containing any financial data. But a breach of sensitive files could not be completely ruled out at this point.
Business NZ spokesman Cal Roberts, speaking on behalf of both his own organisation and Wellington Chamber and Business Central, told the Herald:
“BusinessNZ and Business Central’s external IT infrastructure provider has been the victim of a cyber attack which has affected some of our websites.
“Both BusinessNZ and Business Central take their obligations to protect members’ information seriously. Our current focus is working with our IT provider to investigate and understand the situation further.”
The Herald understands the IT provider is Wellington-based Mercury IT (which has no connections to the Australian IT provider of the same name), and that a number of the firm’s other clients have also been affected. (UPDATE: Mercury IT said in a statement that it was hit by a cyberattack. It was working with outside specialists and authorities but could offer no more details. Through a spokesman, director Corry Tierney declined to answer questions).
Read More
Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves
The New Zealand Nurses Organisation (NZNO), which represents more than 55,000 nurses and health workers, said in a website statement that it had also been affected by a cyber-attack on its IT provider, who was not named.
“Due to a major international cyber-attack on its host, Kaitiaki’s website is down. Police and cyber-security experts are working with NZNO tech consultants to restore it (and other affected websites) as soon as possible. However, we have been advised this could take some days.,” the NZNO said in a statement.
This morning, NZNO spokesman Rob Zorn had good and bad news. The bad: Website data could not be retrieved. The good: “We are certain that no personal data has been compromised by this attack.” Zorn declined to name the NZNO’s IT provider.
The Physiotherapy Board of New Zealand was in the same situation. It also did not name its IT provider, which it said had been hit by “a largescale ransomware attack.”
The board said in a statement on its website that it was not aware of the attack resulting in the publication of any personal details but added: “Such a privacy breach may be possible”.
The nature and extent of the attack was not yet clear.
Late on Friday, health insurer Accuro said its customer data could have been exposed in a cyber attack.
The Wellington-based firm has around 30,000 customers, chief financial officer Joe Benbow told the Herald.
Chris Keall
By Chris Keall
6 Dec, 2022 04:50 AM
7 mins to read
Save
Share
0
Comments
Play Video
Baby blood donor battle, the Christmas spike targeting online shoppers and home for Christmas? Why your travel plans could be disrupted in the latest New Zealand Herald headlines. Video / NZ Herald
Privacy Commissioner Michael Webster is planning an investigation after Wellington-based IT provider Mercury IT was hit by a ransomware attack - potentially compromising sensitive data it hosts for multiple clients, including health insurer Accuro, BusinessNZ, the NZ National Nurses Association and the Ministry of Justice, with 15,000 Coroners Court files taken out.
The GCSB’s National Cyber Security Centre said government agencies whose data has been impacted include some providers contracted to Te Whatu Ora, Health NZ. The incident has not impacted the delivery of health services, the NCSC said.
The NCSC is leading the response, supported by the police and Cert NZ. The Herald first reported elements of the attack last Friday.
“There has been a cyber security incident involving a ransomware attack on Mercury IT. Mercury IT provides a wide range of IT services to customers across New Zealand,” the Privacy Commissioner’s office said.
ADVERTISEMENT
Advertise with NZME.
“This is an evolving situation. We were notified of the cyber security attack on November 30. Urgent work is underway to understand the number of organisations affected, the nature of the information involved and the extent to which any information has been copied out of the system.
Read More
Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves
“The Office of the Privacy Commissioner is planning on opening a compliance investigation into this incident so that it can make full use of its information-gathering powers. We encourage any clients of Mercury IT who have been impacted by this incident and who have not already been in touch with us to contact the Office of the Privacy Commissioner.”
In a statement, Mercury IT director Corry Tierney said:
“On 30 November 2022, we became aware that we were the victim of a cyber-incident after a malicious and unauthorised actor gained access to our server environment. This was immediately escalated to senior management. The incident was raised with relevant Government authorities, and we have engaged external specialist support. Our response to understand how this occurred, and address the impacts, is at an early stage; however, all possible steps have been taken to secure our environment. We are committed to supporting our impacted clients with their own investigations wherever possible and we apologise, sincerely, for the impact this attack has caused.”
ADVERTISEMENT
Advertise with NZME.
Through a spokesman, Tierney refused to answer any questions.
“We cannot provide further information on the impact and our mitigation at this time as the actors behind this incident, or others, can leverage any publicly available information,” he said.
This afternoon, the Ministry of Justice said a cyber attack had blocked access to 14,500 coronial files and around 4000 post-mortem examination reports, the Ministry of Justice has confirmed this afternoon.
Some 30,000 customers of health insurer Accuro have had personal data potentially exposed via the attack on Mercury IT.
Related articles
BUSINESS
Pinnacle Health hack: Sensitive files posted to the dark web
09 Oct 05:00 PM
BUSINESS
Revealed: The number of Kiwi businesses that would pay a cyber ransom
29 May 06:00 AM
NEW ZEALAND
Waikato DHB cyber attack: 4200 people's personal details disclosed on dark web
10 Sep 05:33 AM
BUSINESS
Spy agency says 170,000 cyberattacks launched on NZ
19 Sep 06:35 AM
The Nurses Association has some 55,000 members.
Read More
Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves
The Privacy Commissioner reminded businesses and organisations that a 2020 update to the Privacy Act means any data breach must be reported to his office.
And he warned people not to share any information spilled online. Instead, it should be reported to police.
“For individuals - be on the lookout for anything out of the ordinary. Watch out for suspicious texts, emails or unusual things happening with your accounts or records. Be particularly cautious of contact from an unknown source,” the Commissioner said. The agency has posted protection tips online here.
EARLIER:
At least three business organisations have had systems knocked offline after the IT provider they share was hit by a cyber attack, while another three have reported cyber incidents.
BusinessNZ’s website was offline Monday afternoon with an “under maintenance” message, while the Wellington Chamber of Commerce and its stablemate Business Central also had systems affected.
The Herald understands early indications are that only public-facing channels were involved, not servers containing any financial data. But a breach of sensitive files could not be completely ruled out at this point.
Business NZ spokesman Cal Roberts, speaking on behalf of both his own organisation and Wellington Chamber and Business Central, told the Herald:
“BusinessNZ and Business Central’s external IT infrastructure provider has been the victim of a cyber attack which has affected some of our websites.
“Both BusinessNZ and Business Central take their obligations to protect members’ information seriously. Our current focus is working with our IT provider to investigate and understand the situation further.”
The Herald understands the IT provider is Wellington-based Mercury IT (which has no connections to the Australian IT provider of the same name), and that a number of the firm’s other clients have also been affected. (UPDATE: Mercury IT said in a statement that it was hit by a cyberattack. It was working with outside specialists and authorities but could offer no more details. Through a spokesman, director Corry Tierney declined to answer questions).
Read More
Relentless cyberattacks: Justice Minister Kiri Allan's take on two circuit-breaker moves
The New Zealand Nurses Organisation (NZNO), which represents more than 55,000 nurses and health workers, said in a website statement that it had also been affected by a cyber-attack on its IT provider, who was not named.
“Due to a major international cyber-attack on its host, Kaitiaki’s website is down. Police and cyber-security experts are working with NZNO tech consultants to restore it (and other affected websites) as soon as possible. However, we have been advised this could take some days.,” the NZNO said in a statement.
This morning, NZNO spokesman Rob Zorn had good and bad news. The bad: Website data could not be retrieved. The good: “We are certain that no personal data has been compromised by this attack.” Zorn declined to name the NZNO’s IT provider.
The Physiotherapy Board of New Zealand was in the same situation. It also did not name its IT provider, which it said had been hit by “a largescale ransomware attack.”
The board said in a statement on its website that it was not aware of the attack resulting in the publication of any personal details but added: “Such a privacy breach may be possible”.
The nature and extent of the attack was not yet clear.
Late on Friday, health insurer Accuro said its customer data could have been exposed in a cyber attack.
The Wellington-based firm has around 30,000 customers, chief financial officer Joe Benbow told the Herald.
