12 January 2023

Accuro Health Insurance (Accuro) has become aware that the unauthorised third party responsible for the cyber-security incident which impacted IT provider Mercury IT in late November, has illegally disclosed additional information belonging to Accuro online.

Accuro CEO Lance Walker said that Accuro is assessing this new release of data to determine what it contains and who the information belongs to.

“We are working with our incident response partners and forensic experts to understand the information in the data released by the unauthorised third party. The High Court injunction to prevent anyone from using any illegally downloaded information also remains in place. 

“Where we determine our members’, partners’ or employees’ personal information is included in the data disclosed, we will work as swiftly as possible to notify any affected individuals at risk who we have not already been in contact with and will advise them of specific steps they can take to protect their information from misuse.

“We remain committed to providing our members, partners, and staff with ongoing updates as more facts are established. In the meantime, there is information and advice available on our website, and we continue to work with the Office of the Privacy Commissioner.

“We appreciate that this is a concerning situation for all our loyal members, partners and staff and we thank them for their ongoing support as we respond to this matter,” said Mr Walker. 

Contact: media@accuro.co.nz 


20 December 2022

Accuro Health Insurance (Accuro) has become aware that the third party responsible for the cyber-security incident impacting Mercury IT, has disclosed some information belonging to Accuro online.

Accuro CEO Lance Walker said Accuro is working as swiftly as possible to thoroughly analyse the disclosed Accuro information to determine what it contains.

“We are assessing the data to determine who the information belongs to and taking steps to have the disclosed information removed where possible. 

“I also welcome the news that the High Court has granted an injunction to prevent anyone from using any illegally downloaded information, says Mr Walker.

“Where we determine our members’, partners’ or employees’ personal information is included in the data-set disclosed online, we will work as swiftly as possible to notify affected individuals at risk and advise them of specific steps they can take to protect their information from misuse.

“As previously advised, we have already engaged cyber-security and forensic IT experts and have proactively notified relevant regulatory and government agencies of our IT provider’s incident, including the Office of the Privacy Commissioner. We will continue to liaise with these agencies and take their advice.  

“We are committed to providing our members, partners, and staff with ongoing updates as more facts are established and providing tailored support and advice in response.

“We regret that this incident has occurred and for any concern this situation may be causing our valued members, partners and staff at present,” said Mr Walker.   

Contact: media@accuro.co.nz


17 December 2022

Accuro CEO Lance Walker says that he welcomes news that the High Court has granted an injunction to prevent anyone from using any illegally downloaded information obtained through the recent Mercury IT cyber incident.

“We continue to work as swiftly as possible with our forensic IT partners to analyse the situation to determine what data has been accessed and who it belongs to.  

“We have been in regular contact with our members and are committed to providing them, along with our wider community of staff, advisers and partners with ongoing updates, advice and support as more facts are established.

“In the meantime, we welcome the additional protection that this injunction provides for our members, partners and staff”

Contact: media@accuro.co.nz


15 December 2022  


Accuro Health Insurance (Accuro) has become aware that the third party responsible for the cyber-incident downloaded a set of data from Mercury IT during the unauthorised access of their systems, which contains information relating to Accuro. 

Accuro CEO Lance Walker said Accuro is working as swiftly as possible to thoroughly analyse the downloaded Accuro information to determine what it contains. 

“While this analysis is well underway, it may take some time to complete.  At this stage we have not identified any personal or member information in the downloaded dataset, but we cannot rule out this possibility. 

“We have already engaged cyber-security and forensic IT experts and have proactively notified relevant regulatory and government agencies of our IT provider’s incident, including the Office of the Privacy Commissioner. We will continue to liaise with these agencies and take their advice.    

Should we discover that any personal or member information is present in the downloaded dataset we will assess this information to determine exactly what it is and who it belongs to, and we will directly contact anyone deemed to be at risk as a result.  

We have been in regular contact with our members and are committed to providing them, along with our wider community of staff, advisers and partners with ongoing updates as more facts are established and providing tailored support and advice in response”. 

“We deeply regret that this incident has occurred and for any concern this situation is causing our members, advisers, partners and staff at present,” said Mr Walker.  

Contact: media@accuro.co.nz


01 December 2022

Accuro Health Insurance has engaged a team of specialist cyber-security advisors after being made aware its external IT infrastructure provider (Mercury IT) had experienced a cyber-security incident this week.

CEO Lance Walker says that as a result of Mercury IT’s incident, Accuro’s day to day operations and customer service have been impacted, however incident response plans have been activated enabling operations to continue via alternative processes.  

Mercury IT has advised relevant Government agencies and engaged specialist cyber security support.  Accuro has also notified relevant financial regulatory authorities and have engaged its own advisors.

“We have notified our members, the New Zealand Government’s Computer Emergency Response Team (CERT NZ) and the Office of the Privacy Commissioner.

As a precaution, we are basing our response on the possibility that member data may have been accessed as a result of Mercury IT’s cyber-security incident, however this has not yet been confirmed.  Our primary focus right now is to fully understand the situation and respond accordingly.

Key services including claims are being maintained, although there will be delays – our priority is making sure we can continue to support our members,” says Mr Walker.

Accuro is a New Zealand-owned operated not for profit health insurance provider supporting more than 34,000 members.

Contact: media@accuro.co.nz