Ransomware Attack Impacts MSP’s Downstream Customers

Credit: Getty Images

MSP Mercury IT has experienced a ransomware attack that may have affected government agencies and other organizations across New Zealand, according to The Record.

New Zealand’s privacy commissioner confirmed the attack on December 7, 2022.

The ransomware attack prevented New Zealand organizations from accessing 14,500 files relating to the transportation of deceased people’s bodies and roughly 4,000 post-mortem examinations dating from March 2020 to November 2022, New Zealand’s Ministry of Justice indicated. Furthermore, cybercriminals blocked access to 8,500 records about bereavement care services and 5,500 records from New Zealand’s cardiac and inherited disease registry.

Who Was Impacted by the Mercury IT Ransomware Attack?

At least six health regulatory authorities that used Mercury IT were affected by the ransomware attack, including:

  • Optometrists and Dispensing Opticians Board of New Zealand
  • Chiropractic Board
  • Podiatrists Board
  • New Zealand Psychologists Board
  • Dietitians Board the Physiotherapy Board of New Zealand

Furthermore, Accuro, a nonprofit health insurance provider in New Zealand with more than 34,000 members, indicated that its “day-to-day operations and customer service” were impacted by the ransomware attack, The Record reported.

Investigation into the Mercury IT Ransomware Attack Is Underway

At this time, there is no evidence that any of the records that cybercriminals made inaccessible during the Mercury IT ransomware attack were accessed or downloaded, The Record reported.

Meanwhile, New Zealand’s privacy commissioner has opened a compliance investigation into the Mercury IT ransomware attack. The commissioner noted that “urgent work is underway to understand the number of organizations affected, the nature of the information involved and the extent to which any information has been copied out of the system” during the attack. In addition, the commissioner is encouraging any Mercury IT customers who have been impacted by the incident to reach out to the Office of the Privacy Commissioner for assistance.

Mercury IT is an Australian owned and operated MSP. It has been providing cybersecurity, managed IT and consulting solutions to organizations in New Zealand and its surrounding areas since 2004.

Return Home

No Comments

Leave a Reply

Your email address will not be published.