The health company at the centre of a data breach is urgently seeking a court injunction to stop anyone sharing stolen data. Online health portal MediMap said the company is seeking a court injunction that would “prohibit anyone from accessing, using, copying, sharing, or publishing any MediMap data that may have been unlawfully obtained, and would seek to limit any further spread of that information online”. The director of MediMap said this morning the portal was hacked by a person stealing login credentials of a legitimate user to create havoc in the system. The compromised health portal’s director Geoffrey Sayer told Newstalk ZB’s Mike Hosking the company was “responding quite well” after the MediMap hack, which saw some live patients labelled as “dead” and names replaced with those of politicians and Charlie Kirk. MediMap is used widely across New Zealand in the aged care, disability, hospice and community health sectors. Sayer said the company discovered “an incident” around 1.30pm on Sunday and shut the system down for precaution and “containment”. The company did not know who was responsible, he said, but it did not appear to be a cyberattack – meaning someone using brute force to hack into a system through a software vulnerability. “This is a case of someone stealing credentials and using those credentials of a legitimate user of MediMap to cause this harm.” Independent forensic experts and government agencies were helping analyse what had happened and its impact, he said. Asked if a “hacktivist” was responsible, Sayers said he didn’t want to be dragged into giving someone a “political platform”. “The key part for us is to understand how we’re going to get patient care back.” Associate Health Minister David Seymour said what should be done in terms of cyber threats and security has been discussed “quite high up” in government, even weeks before the MediMap breach. “I think we’re behind some of our comparator countries out there, and we need to do better at it and we will”. He told Ryan Bridge Today the Government is looking at whether companies which have people’s data stolen or oversee a breach should face higher penalties. Green Party co-leader Marama Davidson said the Government’s cost-cutting has contributed to the problem. “This is under a Government who have gutted, particularly in the health space, where they’ve had to fire their own IT and data specialists.” In the context of the Government “constantly cutting funding”, infrastructure like this starts to fall down, she said. “So what are the cyber security minimum standards, and what are the accountability measures for when this happens? It’s happened a couple times now recently, especially in health.” It’s the second major hack of a privately owned health platform, following the Manage My Health data breach over the New Year holiday. A Health New Zealand spokesman said as a private company, MediMap was solely responsible for ensuring the security of its platform and minimising the impact of the hack. But Health NZ’s former chair Rob Campbell said there were issues around governance, from both Health NZ and the Ministry of Health, regarding “what level of attention is required of people who are spending public funds, or providing public services – even if they may be private operators”. Speaking to Ryan Bridge on Newstalk ZB earlier this morning, Campbell said there had been warnings for a long time that the health system had “vulnerabilities” and they should have been addressed much sooner. “It’s expensive, it can be complex, it’s not headline-grabbing stuff so it’s the sort of thing that people do put off.”