Accuro lifts the lid on cyber incident

Steps taken outlined

Accuro lifts the lid on cyber incident

Cyber

By Terry Gangcuangco

Kiwi health insurance cooperative Accuro is shedding further light on the cyber incident that hit its external information technology infrastructure provider Mercury IT towards the end of 2022, offering assurances that the matter is being handled proactively.

According to the not-for-profit insurer, the unauthorised third party responsible for the incident illegally downloaded a set of data – contents of which include information relating to Accuro – from Mercury IT. It has since been revealed that “some” of the information was released on the dark web.

“Following our update on December 20 and the release of some Accuro data online, we are continuing to work with cybersecurity and forensic IT experts to analyse what information has been accessed,” declared Accuro, which has 30,000 members.

“While our current understanding is that the data accessed is from our commercial and management files and largely contains financial information relating to Accuro, we have also identified some member contact details and policy numbers.”

Accuro went on to assert that it has no evidence of any misuse of personal information.

“If we discover personal information that places you at risk, we will directly contact you with the specific steps you can take to protect your information from misuse,” the insurer, which published guidance for those whose details may have been compromised, told its customers.

It was previously highlighted that Accuro was doing all it can to thoroughly analyse what data had been accessed and released, with a view of determining who was directly impacted, if anyone.

“We have also proactively notified relevant regulatory and government agencies, including the Office of the Privacy Commissioner,” added Accuro. “We will continue to liaise with these agencies and take their advice. 

“We will continue working with our third-party cybersecurity and IT experts to closely monitor this incident, and should any concern be raised, we will proactively manage this accordingly.”

The insurer has also engaged New Zealand’s national identity and cyber support community service IDCARE, which can assist Accuro members with interim advice at no cost.

As for when the matter will be put to bed, the insurer and its customers remain faced with uncertainty.

“We are unable to provide any information right now on when this issue will be resolved,” conceded the cooperative, which is assessing the situation on an ongoing basis. “The Accuro team is doing all it can to maintain key services, while also working with our external IT provider and advisors to respond to the cyber incident.

“We are continuing to process claims and collect premiums, but we are experiencing delays. We appreciate that this will be very frustrating for you and raise concerns, but we will keep you informed as we have more to share.”

For now, members whose personal information may or may not have been exposed are encouraged to be vigilant and to keep an eye out for suspicious online activities.

What are your thoughts on cybersecurity? Share in the comments below.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!