Cyber attack on NZ’s largest insurer of doctors MAS may have exposed members’ personal data

MAS insurance released a statement revealing a third-party supplier that provides after hours call centre services for the company ”has recently notified us of a breach of their systems through a cyber-attack”. Photo / 123RF

A cyber attack on the after-hours call service of New Zealand’s largest insurer of medical professionals has potentially exposed the personal data of its members.

MAS insurance has released a statement this afternoon revealing a third-party supplier of after-hours call-centre services for the company “has recently notified us of a breach of their systems through a cyber-attack”.

“If you have ever used this after-hours service, it is possible they hold some personal data of yours,” MAS chief executive Martin Stokes said.

“To date, we have no confirmation this data has been compromised, but out of an abundance of caution we have suspended use of this supplier.”

MAS [Medical Assurance Society ] was founded by New Zealand doctors in 1921 and says on its website that more than 80 per cent of Kiwi medical professionals insure with the company.

However, the company now also provides insurance for non-medical professionals including car, house, contents and life insurance.

Stokes said the insurance company is working with the third-party supplier who experienced the cyber attack to “remedy the situation” and apologised for the breach.

He assured “MAS systems remain secure and have not been breached” but suggested members might like to change their passwords in any personal accounts as a precaution.

While the situation is being resolved with the third-party call centre, Stokes said a team at MAS will provide limited after-hours services and follow up with any messages left with it outside business hours.

“MAS takes the privacy and confidentiality of our members’ personal information very seriously,” Stokes said.

“We will contact you directly if there are any concerns with your security, however if you have any questions, you can contact our privacy officers at privacy@mas.co.nz”

The cyber attack on MAS is the latest in a series of possible breaches of the personal data of New Zealand health-related insurers and government organisations.

On December 2, Health insurer Accuro also revealed its customer data could have been exposed in a cyber attack, also on an external provider the company uses.

The Wellington-based firm has around 30,000 customers, chief financial officer Joe Benbow told the Herald.

“Accuro’s external IT infrastructure provider has been the victim of a cyber attack that has prevented access to a number of our core systems,” the firm says on its website.

And on December 6, a cyber attack blocked access to about 14,000 files relating to cardiac, inherited disease and bereavement care, Health NZ/Te Whatu Ora confirmed.

Te Whatu Ora wrote in a statement that the attack did not target the organisation directly but instead targeted an IT provider it works with.