"New Zealand Government Hit by Ransomware Attack on IT Provider"

The New Zealand government recently confirmed being impacted by a ransomware attack on managed service provider (MSP) Mercury IT, which has disrupted businesses and public authorities in the country.  Mercury IT is a small business with only 25 employees and provides cybersecurity, IT, telecoms, and support services for multiple organizations in the country.  On December 1, private health insurer Accuro announced that a cyberattack on Mercury IT prevented access to core systems, saying that it had no evidence that data might have been compromised.  On Tuesday, December 6, New Zealand’s privacy commissioner announced that Mercury IT suffered a ransomware attack and that it has yet to determine the number of impacted organizations.  The incident was reported on November 30.  Currently, urgent work is underway to understand the number of organizations affected, the nature of the information involved, and the extent to which any information has been copied from the system.  Also on Tuesday, New Zealand’s health ministry Te Whatu Ora announced that the incident is preventing access to certain patient data, including roughly 8,500 records from Middlemore Hospital in Auckland and approximately 5,500 records from Cardiac Inherited Disease Registry.  Te Whatu Ora stated that there is no evidence at this stage that the above records have been subject to unauthorized access or download.  The health ministry also revealed that the ransomware attack has impacted six health regulatory authorities, including the Chiropractic Board, the Dietitians Board, the New Zealand Psychologists Board, the Optometrists and Dispensing Opticians Board of New Zealand, the Podiatrists Board, and the Physiotherapy Board of New Zealand.  Unfortunately, several other government departments, including the Ministry of Justice, fell victim to the attack as well.  

SecurityWeek reports: "New Zealand Government Hit by Ransomware Attack on IT Provider"