Incident & Breach Response , Security Operations

New Zealand Health Insurer Investigates IT Provider Hack

Accuro Says Claims Processing Affected, No Evidence of Data Breach
New Zealand Health Insurer Investigates IT Provider Hack
Image: Accuro

A cyber incident at an external IT infrastructure provider for New Zealand private health insurer Accuro may have affected the personal data of the underwriter's 34,000 customers.

The Wellington based not-for-profit insurer said its investigation into the incident so far hasn't revealed evidence of a data breach "but we cannot rule out this possibility."

See Also: Meeting the Mandate: A Proactive Approach to Cybersecurity Compliance and Incident Reporting

A Thursday statement from CEO Lance Walker said day-to-day operations and customer service have been affected by the incident, warning of delays in service including claims processing. The company notified the New Zealand Government's Computer Emergency Response Team and the Office of the Privacy Commissioner and has brought in outside cybersecurity support, the company said.

Company Chief Financial Officer Joe Benbow wouldn't confirm or deny the incident is a ransomware attack, reported the New Zealand Herald. Benbow also declined to identify the third-party infrastructure provider.

Ransomware hackers based in Russia attacked private health insurer Medibank in neighboring Australia in October and earlier this month dumped online data they characterized as a full set of stolen customer data (see: Medibank Hackers Dump Stolen Data on the Dark Web).

Threat Landscape in New Zealand

Reported cyber incidents have been on a steady rise. CERT NZ reported last December year-end increases in phishing and credential harvesting as well as malware.

The government agency's most recent quarterly report shows New Zealanders reported $NZ3.9 million in direct financial losses due to cyber incidents from April to June, an amount that's also the average for quarterly losses experienced over the past 24 months.

Reports of phishing and credential harvesting in particular have spiked by nearly tenfold since 2017 to more than 3,700 known incidents.

A recent report by Technology Users Association of New Zealand on the state of Kiwi digital transformation warned that "leaders have their work cut out for them to prevent cyberattacks."

The report, based on interviews with senior corporate and public sector officials, found that high-profile attacks have increased awareness and nudged leaders into thinking beyond the security of access points and on to adopting security by design.

"I think that New Zealand companies and organizations felt safe and secure by being down the bottom of the world," association CEO Craig Young told SecurityBrief New Zealand in June. But physical isolation isn't a defense in cyberspace, he added. "It only takes a couple of milliseconds for a message to come or leave New Zealand."

About the Author

Mihir Bagwe

Mihir Bagwe

Principal Correspondent, Global News Desk, ISMG

Bagwe previously worked at CISO magazine, reporting the latest cybersecurity news and trends and interviewing cybersecurity subject matter experts.

Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing, you agree to our use of cookies.