Three business organisations have had systems knocked offline after the IT provider they share was hit by a cyber attack, while another three have reported cyber incidents.
BusinessNZ’s website was offline Monday afternoon with an “under maintenance” message, while the Wellington Chamber of Commerce and its stablemate Business Central alsohad systems affected.
The Herald understands early indications are that only public-facing channels were involved, not servers containing any financial data. But a breach of sensitive files could not be completely ruled out at this point.
Business NZ spokesman Cal Roberts, speaking on behalf of both his own organisation and Wellington Chamber and Business Central, told the Herald:
“BusinessNZ and Business Central’s external IT infrastructure provider has been the victim of a cyber attack which has affected some of our websites.
“Both BusinessNZ and Business Central take their obligations to protect members’ information seriously. Our current focus is working with our IT provider to investigate and understand the situation further.”
The Herald understands the IT provider is Wellington-based Mercury IT (which has no connections to the Australian IT provider of the same name), and that a number of the firm’s other clients have also been affected. (UPDATE: Mercury IT said in a statement that it was hit by a cyberattack. It was working with outside specialists and authorities but could offer no more details. Through a spokesman, director Corry Tierney declined to answer questions).
The New Zealand Nurses Organisation (NZNO), which represents more than 55,000 nurses and health workers, said in a website statement that it had also been affected by a cyber-attack on its IT provider, who was not named.
“Due to a major international cyber-attack on its host, Kaitiaki’s website is down. Police and cyber-security experts are working with NZNO tech consultants to restore it (and other affected websites) as soon as possible. However, we have been advised this could take some days.,” the NZNO said in a statement.
This morning, NZNO spokesman Rob Zorn had good and bad news. The bad: Website data could not be retrieved. The good: “We are certain that no personal data has been compromised by this attack.” Zorn declined to name the NZNO’s IT provider.
The Physiotherapy Board of New Zealand was in the same situation. It also did not name its IT provider, which it said had been hit by “a largescale ransomware attack.”
The board said in a statement on its website that it was not aware of the attack resulting in the publication of any personal details but added: “Such a privacy breach may be possible”.
The nature and extent of the attack was not yet clear.
Late on Friday, health insurer Accuro said its customer data could have been exposed in a cyber attack.
The Wellington-based firm has around 30,000 customers, chief financial officer Joe Benbow told the Herald.
Image / 123rf
“Accuro’s external IT infrastructure provider has been the victim of a cyber attack that has prevented access to a number of our core systems,” the firm says in a statement.
Benbow wouldn’t name the provider on Friday, or today.
“At this stage, we have no evidence that any Accuro data has been compromised, but we cannot rule out this possibility,” the CFO said on Friday.
He would not confirm or deny if a ransomware threat was involved.
This afternoon, there was no substantial update. Accuro is still trying to gauge the scope of the attack, and whether sensitive data was exposed.
“Our IT provider is working with their own forensic experts and Government agencies to understand the nature and extent of the impact. We have also notified the relevant regulatory authorities, including the Office of the Privacy Commissioner,” the firm said in a statement.
The company warns its phone service is currently limited and is asking customers to email info@accuro.co.nz instead.
Brett Callow, a threat assessment analyst with NZ-based Emsisoft, told the Herald there were no immediate signs of Accuro customer data for sale on the dark web, as of Monday afternoon. Nor where the any sign of any BusinessNZ or Wellington Chamber data.
Accuro is the latest provider to be hit after a string of cyber-attacks that included a hack on central North Island provider Pinnacle Midlands Health Network in October and the earlier ransomware attack on the Waikato DHB. Pinnacle updated on Friday afternoon that it is still in the process of trying to identify affected patients.
Across the Tasman, sensitive patient records have started to appear on the dark web after health insurer Medibank refused to pay a US$9.7m cyber ransom.
Pinnacle has refused to confirm or deny if it’s the subject of a cyber ransom demand.
