NZ meds portal MediMap goes offline after hack

Its private operator has sought a court injunction to help protect the information of possibly affected patients.
By Adam Ang

A widely used medication management platform in New Zealand has gone offline following a major hack into its system.

On 22 February, privately owned company MediMap said its system was breached by still-unidentified hackers, who reportedly changed some patient details, including names and living status.

MediMap is used by providers in aged care, disability services, hospices, and community health to record medication doses accurately. 

The company has since advised providers to activate business continuity plans while its portal remains offline. Te Whatu Ora Health New Zealand said its services were among those impacted by the shutdown, including transfer of care processes in residential aged care and opioid recovery services.

In a statement on 25 February, MediMap said it sought a court injunction to protect the information of any affected individuals. 

"[W]hile some resident and patient data may have been accessed, residents and patients will continue to receive the same level of care while the MediMap system remains offline," it assured.

Authorities, including NZ Police, the National Cyber Security Centre, and the Office of the Privacy Commissioner, have been informed and engaged following the incident. The investigation into the hack and data modification is still ongoing.

THE LARGER TREND

This latest incident followed a privacy breach on another popular healthcare portal, Manage My Health, before the New Year. That hack affected up to 126,000 users, its private operator said. A series of IT outages due to "IT equipment failure" across the public health system has also been reported since the start of the year.

Following the hack on MediMap, Te Whatu Ora acting chief IT officer Darren Douglass said they will reach out to healthcare providers to remind them of their responsibility to meet minimum cybersecurity and privacy requirements to protect patient information. 

"People need and deserve confidence that their private and sensitive health information is secure. Protecting patient data is a priority across the health system," he said in an e-mailed statement. 

Douglass emphasised that MediMap is solely responsible for ensuring the security of its platform. Still, Te Whatu Ora is supporting the company's response and has also activated its Cyber Incident Management Team.