A ransomware attack on a New Zealand managed service provider (MSP) caused disruption to the operations of several of its clients, most of which were in the healthcare sector. The attack, which occurred in late November, prevented staff from the country's health ministry from accessing thousands of medical records. Other businesses affected by the attack included the Ministry of Justice, six health regulatory authorities, a health insurer, and a few other companies. The MSP, Mercury IT, is based in Australia and has 33 employees. As a result of the attack, Te Whatu Ora, the New Zealand health ministry, was unable to access at least 14,000 medical records, including 8,500 bereavement care services records and 5,500 cardiac inherited disease registry records. Accuro, a health insurance firm, reported an illegal download and dissemination of corporate data following the attack. Most of the stolen data was related to the company's finances, and some of it included member contact information and policy numbers. This incident demonstrates how MSPs are attractive targets for attackers due to the large amount of client data stored in their systems. It is important for IT admins to audit an MSP's security practices before they pay. According to the 2021 MSP Threat Report by ConnectWise, 60% of MSP client incidents were related to ransomware. Weak passwords are often the cause of ransomware attacks, and one of the most common methods for distributing ransomware is an RDP brute-force attack. To protect against these attacks, organizations should set a finite number of login attempts before the account is temporarily locked down. Specops Password Auditor is a free read-only password auditing tool that can help IT admins identify weak passwords and password policies that are not compliant with various standards.
This Cyber News was published on thehackernews.com. Publication date: Thu, 09 Feb 2023 11:47:02 +0000