SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Large cyber attack targets several government organisations
Wed, 7th Dec 2022
FYI, this story is more than a year old

A New-Zealand IT MSP providing services to several government organisations has experienced a cyber-incident that has compromised access to its data and systems.

RNZ recently reported that organisations have said data held by external IT provider Mercury IT (NZ, no relation the AU based company with the same name) has been blocked and that multiple agencies were assessing the extent of the problem.

According to a National Cyber Security Centre (NCSC) release, some of the government agencies whose data has been impacted include providers contracted to Te Whatu Ora, Health NZ. The NCSC says that the incident has not impacted the delivery of health services. 

The Ministry of Justice has also confirmed that the cyber-security incident has impacted access to some coronial data.

The RNZ article says organisation officials have confirmed that access to 14,500 coronial files and about 4000 post-mortem reports from around the country have been affected.

The NCSC release goes on to say that the provider has engaged external cyber security response support and reported the incident to the NCSC as well as the New Zealand Police, CERT NZ and the Privacy Commissioner.

The NCSC within the Government Communications Security Bureau is reported to be currently leading the coordination of the government’s response.

Deputy Director-General of the NCSC, Lisa Fong, says that the incident response is at an early stage.

She says that the NCSC is working with the technology service provider to help understand more fully the nature of the data that has been impacted and how it occurred.

“It may take some time to get clarity around data impacted and to determine potential harm and scope of any breach.

“We are very conscious that the malicious actors behind this event could use public communications as a means to further leverage the incident and cause harm to others. For this reason we will not be providing further information at this time.”

Affected agencies will be reaching out to people they are able to identify as possibly being affected to advise them of the incident and provide support to help address any impact.

The NCSC says it will not be conducting interviews in relation to its statement, and questions about the response of affected agencies should be put to the relevant agency.

Last May, a similar attack brought Waikato DHBs hospitals and services to a halt for many days as it tried to restore its IT systems. A subsequent report into this attack reflected that Te Whatu Ora needs to put further emphasis on understanding hacker ability when building its security software.