MediMap NZ Security Incident
Incident Response and Assurance Report
1. Purpose
This document provides a summary of the MediMap NZ security incident, the actions taken to contain and resolve the issue, the validation performed prior to restoring services, and the security improvements implemented following the incident.
The response actions described in this report follow recognised cyber security incident management practices including containment, remediation, validation and controlled restoration of services.
2. Incident Overview
MediMap identified unauthorised access activity associated with compromised valid user credentials within the MediMap New Zealand environment.
Upon detection, MediMap activated its incident response procedures and suspended access to the production system in order to:
- prevent further unauthorised activity
- preserve system logs for investigation
- assess the scope of the incident
- protect the integrity of medication records within the platform.
The incident response process was undertaken in coordination with:
- Health New Zealand
- National cyber security authorities
- New Zealand Police
- Independent cyber security specialists.
The MediMap platform has since undergone remediation, security validation and verification prior to preparation for staged restoration of services.
3. Incident Identification and Initial Response
The incident was identified through investigation of abnormal access activity within the MediMap environment.
Following identification, MediMap activated its incident response process and implemented the following actions:
- isolation of the production environment
- suspension of user access to the platform
- preservation of relevant system logs
- engagement of external cyber security specialists
- coordination with relevant government agencies.
These actions ensured the environment was stabilised while investigation and analysis were undertaken.
4. Containment Actions
Immediate containment measures were implemented to stop further unauthorised activity.
Actions included:
- suspension of access to the MediMap production environment
- deactivation of potentially affected user credentials
- restriction of system access to authorised incident response personnel
- preservation of authentication and system logs
- coordination with Health NZ and cyber security authorities.
These actions prevented further unauthorised activity while the investigation proceeded.
5. Remediation Actions
Following containment, MediMap undertook remediation activities to ensure the environment was secure prior to restoration.
Actions included:
- security review and refactoring of the MediMap production environment
- closure of authentication pathways associated with compromised credentials
- review of system configurations and access controls
- validation that the system environment was operating as expected.
These activities ensured the platform was returned to a secure operational state prior to restoration planning.
6. External Investigation
MediMap engaged independent cyber security specialists to assist with investigation and validation of the environment.
The investigation included:
- review of authentication and system access logs
- analysis of system activity associated with the incident
- validation of system integrity following containment and remediation actions.
Based on the evidence available within system logs, the activity observed was associated with the use of compromised valid user credentials rather than exploitation of a vulnerability within the MediMap application.
7. Credential and Access Remediation
As part of the recovery process, MediMap implemented credential remediation measures.
These included:
- mandatory password resets for all MediMap users
- strengthening of authentication controls
- closure of authentication pathways associated with the compromised credentials.
These measures ensure previously exposed credentials cannot be reused.
8. Recovery Validation and Verification
Before restoring services, MediMap undertook validation activities to confirm the environment was safe to return to operation.
These activities included:
- verification of system configuration and security settings
- integrity checks of application and infrastructure components
- internal system testing and regression testing.
Production systems were restored to a validated system state prior to the incident, determined through analysis of system logs and verification of system integrity.
Testing confirmed the platform was operating normally prior to preparation for service restoration.
9. Data Review
As part of the investigation, MediMap reviewed available authentication and system activity records to understand what information was accessed and what changes occurred.
The investigation confirmed:
- unauthorised access occurred using compromised valid user credentials
- the access resulted in resident records being viewed and information being exposed within the system
- a subset of records was identified as having data changes, which are being managed through the restoration and validation process.
Where customers have been provided with data extracts for validation, these extracts reflect the specific records and fields identified through the investigation.
10. Platform Restoration State
The MediMap production environment has been secured, refactored and verified prior to restoration planning.
Testing confirmed that:
- authentication systems operate correctly
- core application workflows function as expected
- platform services operate normally.
The restored environment reflects a validated system state prior to the incident.
10. Security Improvements Implemented
Following the incident, MediMap implemented additional security improvements.
Authentication Controls
- mandatory credential reset across all users
- strengthened credential management practices
- improved authentication governance.
Platform Security
- security review and refactoring of the production environment
- validation of infrastructure and application security configurations.
Monitoring and Oversight
- enhanced monitoring of authentication activity
- strengthened operational oversight during restoration.
Sector Coordination
The incident involved compromised credentials originating outside the MediMap platform.
MediMap has worked with sector partners and relevant authorities to ensure organisations review endpoint security and credential management practices.
Sites identified as having potentially compromised devices are being managed directly with Health NZ and cyber security agencies before restoration of system access.
11. Controlled Restoration Approach
Because MediMap supports clinical medication management, restoration of services is being undertaken through a controlled staged approach.
This includes:
- secure restoration of system access
- mandatory password reset processes
- reconciliation of medication charts against pharmacy supply
- prescriber confirmation where required
- staged reactivation of integrations such as NZePS.
This approach ensures a safe return to clinical reliance on the platform.
12. Post-Incident Review
MediMap will conduct a formal post-incident review to identify opportunities to strengthen operational resilience.
This review will include:
- incident retrospective and lessons learned
- review of security controls and monitoring practices
- identification of additional improvements where appropriate.
Summary
The investigation determined that the activity observed involved the use of compromised valid user credentials rather than exploitation of a vulnerability within the MediMap application.
The incident resulted in:
- unauthorised access to MediMap using compromised credentials
- exposure of resident information within the system
- a subset of records experiencing data changes.
Following containment, remediation and validation activities:
- the MediMap environment has been secured and refactored
- authentication credentials and access pathways have been remediated
- the platform has been restored to a validated system state
- additional monitoring and operational controls have been implemented.
MediMap continues to work with Health New Zealand and sector partners to support a safe and controlled restoration of services.