Full Report
Health New Zealand is aware that MediMap, a privately owned and operated medication management platform, has taken its platform offline after identifying unauthorised activity within its system. MediMap is a digital medication management platform used widely across New Zealand to streamline prescribing, pharmacy dispensing, and medication administration in care environments such as aged residential care, disability services, hospices, and community health. Health NZ is supporting MediMap with its response and has activated our Cyber Incident Management Team to assist. We are also working with other relevant agencies to respond including the National Cyber Security Centre.
Analysis Summary
# Incident Report: MediMap Unauthorized Access Incident
## Executive Summary
MediMap, a private digital medication management platform used extensively across New Zealand's healthcare sector, has taken its systems offline following the discovery of unauthorized activity. While the platform is privately owned, Health New Zealand has activated its Cyber Incident Management Team to assist with the response due to the platform's critical role in aged care, hospice, and community health services.
## Incident Details
- **Discovery Date:** Approximately February 24, 2026
- **Incident Date:** February 2026
- **Affected Organization:** MediMap (Privately owned medication management platform)
- **Sector:** Healthcare / Digital Health Services
- **Geography:** New Zealand (National scope)
## Timeline of Events
### Initial Access
- **Date/Time:** Undisclosed
- **Vector:** Unknown; unauthorized activity was identified, but the entry point has not been disclosed.
- **Details:** MediMap identified unauthorized activity within its system, leading to a proactive shutdown of the platform.
### Lateral Movement
- **Details:** Specific technical details regarding lateral movement have not yet been disclosed by MediMap or Health NZ.
### Data Exfiltration/Impact
- **Details:** Investigation is ongoing; however, the primary impact is service unavailability for prescribing, dispensing, and medication administration.
### Detection & Response
- **Detection:** Identified by MediMap internal monitoring/security protocols.
- **Response Actions:**
  - Platform taken offline to contain the threat.
  - Notification sent to users to trigger Business Continuity Plans (BCP).
  - Health NZ activated Cyber Incident Management Team (CIMT).
  - Engagement with NCSC, NZ Police, and Office of the Privacy Commissioner.
## Attack Methodology
*Note: Specific technical methodology has not yet been released. The following reflects current known status.*
- **Initial Access:** Unauthorized activity (Method TBD)
- **Persistence:** TBD
- **Privilege Escalation:** TBD
- **Defense Evasion:** TBD
- **Credential Access:** TBD
- **Discovery:** TBD
- **Lateral Movement:** TBD
- **Collection:** TBD
- **Exfiltration:** TBD
- **Impact:** Service disruption, account lockout, and data integrity risks.
## Impact Assessment
- **Financial:** TBD; costs associated with incident response and downtime.
- **Data Breach:** Under investigation; potential exposure of patient medication records.
- **Operational:** HIGH; Disruption to aged residential care, disability services, and hospices. Disruption to Health NZ opioid recovery services and patient discharge transfers.
- **Reputational:** Significant public concern regarding the security of private medical data management.
## Indicators of Compromise
- **Network indicators:** None disclosed at this time.
- **File indicators:** None disclosed at this time.
- **Behavioral indicators:** Unauthorized system modifications/access identified by internal monitoring.
## Response Actions
- **Containment measures:** Full platform shutdown (isolation).
- **Eradication steps:** Ongoing investigation by MediMap and NCSC.
- **Recovery actions:** Implementation of manual Business Continuity Plans (BCPs) by pharmacies and care facilities to ensure patient safety.
## Lessons Learned
- **Key takeaways:** Third-party digital platforms in the healthcare supply chain represent a significant systemic risk to public health services.
- **What could have been done better:** (Pending full investigation) Need for robust, tested manual backup procedures across all clinical environments relying on SaaS platforms.
## Recommendations
- **Prevention measures:**
  - Ensure all third-party vendors meet NZ healthcare security standards (HISO).
  - Implement multi-factor authentication (MFA) across all administrative and user access points.
  - Regularly audit logs for signs of unauthorized activity so that intrusions are caught before data exfiltration occurs.
  - Maintain and regularly exercise offline/manual Business Continuity Plans for medication management.