Cyber Incident Victim: New Zealand Nurses Organisation

On November 30, 2022, the New Zealand Nurses Organisation (NZNO) experienced a significant cybersecurity incident involving unauthorized access to its IT infrastructure. Attackers deployed ransomware that encrypted critical systems, disrupting NZNO’s internal operations and member services. The incident was detected through system access anomalies and widespread file encryption alerts. NZNO immediately isolated affected servers and workstations to contain the spread. Forensic analysis confirmed the attackers exfiltrated sensitive data, including member contact details, employment records, and internal communications, prior to deploying the ransomware. The LockBit ransomware group claimed responsibility for the attack, listing NZNO on its data leak site and threatening to release stolen information unless a ransom was paid. NZNO engaged cybersecurity specialists to assist with incident response and notified New Zealand’s Computer Emergency Response Team (CERT NZ).

The ransomware attack halted NZNO’s email systems, disrupted payroll processing for staff, and temporarily disabled member support channels. Operational impacts included delayed responses to industrial relations inquiries and postponed administrative functions. NZNO maintained public communications through alternative channels while restoring systems from offline backups. No ransom payment was made to the attackers. Between December 2022 and January 2023, NZNO conducted a comprehensive review of compromised data and notified affected members about potential exposure of personal information. The organisation implemented enhanced network segmentation, multi-factor authentication, and endpoint detection systems during recovery. Full restoration of services took approximately six weeks, with ongoing monitoring for unauthorized data disclosures. NZNO collaborated with privacy regulators and unions to address member concerns regarding data security.