MediMap seeks court injunction to stop sharing of stolen data after cyber attack

The health company at the centre of a data breach is urgently seeking a court injunction to stop anyone sharing stolen data.

Online health portal MediMap said the company is seeking a court injunction that would “prohibit anyone from accessing, using, copying, sharing, or publishing any MediMap data that may have been unlawfully obtained, and would seek to limit any further spread of that information online”.

MediMap is working with government agencies, including police, the National Cyber Security Centre (NCSC), and Health New Zealand as it manages the issue and urgently reviews “any data that may have been unlawfully accessed or shared”.

“We understand this situation is concerning for residents, patients, their families, and healthcare providers. We sincerely apologise for any distress this may have caused.”

The company’s investigation is ongoing, it said.

“We are working to identify any personal information that may have been accessed by an unauthorised third party.”

Customers will be contacted about necessary next steps once the process is complete and the facts have been verified, MediMap said.

“We want to reiterate that while some resident and patient data may have been accessed, residents and patients will continue to receive the same level of care while the MediMap system remains offline.”

MediMap’s priority is to work with customers to restore the platform “as quickly and safely as possible”.

The company thanked providers and their staff “for their professionalism and commitment in ensuring continuity of care”.

Cyber breach

Earlier today the director of MediMap said the portal was hacked by a person stealing login credentials of a legitimate user to create havoc in the system.

The compromised health portal’s director Geoffrey Sayer told Newstalk ZB’s Mike Hosking the company was “responding quite well” after the hack, which saw some live patients labelled as “dead” and names replaced with those of politicians and Charlie Kirk.

MediMap is used widely across New Zealand in the aged care, disability, hospice and community health sectors.

Sayer said the company discovered “an incident” around 1.30pm on Sunday and shut the system down for precaution and “containment”.

The company did not know who was responsible, he said, but it did not appear to be a cyberattack – meaning someone using brute force to hack into a system through a software vulnerability.

“This is a case of someone stealing credentials and using those credentials of a legitimate user of MediMap to cause this harm.”

Sign up to The Daily H, a free newsletter curated by our editors and delivered straight to your inbox every weekday.