Ransomware, Breach, Channel partners, Content

Ransomware Attack Impacts MSP’s Downstream Customers

Cybercrime, piracy and data theft. Network security breach. Compromised computer showing skull and bones symbol. Digital 3D rendering concept.

MSP Mercury IT has experienced a ransomware attack that may have affected government agencies and other organizations across New Zealand, according to The Record.

New Zealand's privacy commissioner confirmed the attack on December 7, 2022.

The ransomware attack prevented New Zealand organizations from accessing 14,500 files relating to the transportation of deceased people's bodies and roughly 4,000 post-mortem examinations dating from March 2020 to November 2022, New Zealand's Ministry of Justice indicated. Furthermore, cybercriminals blocked access to 8,500 records about bereavement care services and 5,500 records from New Zealand's cardiac and inherited disease registry.

Who Was Impacted by the Mercury IT Ransomware Attack?

At least six health regulatory authorities that used Mercury IT were affected by the ransomware attack, including:

  • Optometrists and Dispensing Opticians Board of New Zealand
  • Chiropractic Board
  • Podiatrists Board
  • New Zealand Psychologists Board
  • Dietitians Board the Physiotherapy Board of New Zealand

Furthermore, Accuro, a nonprofit health insurance provider in New Zealand with more than 34,000 members, indicated that its "day-to-day operations and customer service" were impacted by the ransomware attack, The Record reported.

Investigation into the Mercury IT Ransomware Attack Is Underway

At this time, there is no evidence that any of the records that cybercriminals made inaccessible during the Mercury IT ransomware attack were accessed or downloaded, The Record reported.

Meanwhile, New Zealand's privacy commissioner has opened a compliance investigation into the Mercury IT ransomware attack. The commissioner noted that "urgent work is underway to understand the number of organizations affected, the nature of the information involved and the extent to which any information has been copied out of the system" during the attack. In addition, the commissioner is encouraging any Mercury IT customers who have been impacted by the incident to reach out to the Office of the Privacy Commissioner for assistance.

Mercury IT is an Australian owned and operated MSP. It has been providing cybersecurity, managed IT and consulting solutions to organizations in New Zealand and its surrounding areas since 2004.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.