Hackers Breach New Zealand Health Insurer Accuro

New Zealand’s self-touted “best little health insurer” has issued a data breach notice, informing customers that its core systems are down following a cyber attack.

Accuro is a New Zealand-owned not for profit health insurer with more than 34,000 clients across the country. It offers access to a virtual clinic, a mental health service, wellness apps, and preventative care, among other benefits.

In a letter posted to its news hub, Accuro reveals that its IT provider suffered a cyber-attack that severed access to a number of its core systems.

“Our IT provider is working with their own forensic experts and Government agencies to understand the nature and extent of the impact,” reads the statement. “We have also notified the relevant regulatory authorities including the Office of the Privacy Commissioner.”

According to the notice, there is no evidence that any data has been compromised – i.e. fallen into the attackers’ hands. However, Accuro is the first to admit it cannot rule out this possibility.

“As a precaution, we are basing our response on the possibility that member data may have been accessed as a result of our IT provider’s cyber-security incident, however this has not yet been confirmed,” it states.

“Our current focus is working with our IT provider to investigate and understand the situation further,” says the insurer. “As we know more, we will continue to communicate directly with our members and have set up this information page to provide regular updates.”

It is unclear when the breach occurred exactly, but Accuro says “systems remain offline which will impact services and we request your patience as we work towards a solution.”

The company informs customers that there will be a delay in processing pre-approval claims, and there may also be a delay in processing payments deducted from debit cards. Customers who have any urgent inquiries are directed to [email protected].

The incident closely follows a similar hack on Australia’s giant insurer Medibank, which compromised the data of more than 4 million customers. Like Accuro, Medibank’s initial assessment was that no customer data had been exposed during the breach.