MediMap, Momentum, And The Missing Strategy: Why This Matters Now

New Zealand is preparing to release a long-awaited national cyber security strategy after it effectively lapsed in 2023, while the country deals with a second high-profile health data breach in just two months.

For organisations across New Zealand, the UK, and Europe, this moment is less about a single incident and more about what happens when national strategy, real-world incidents, and organisational readiness drift out of sync.

This article looks at what the MediMap incident tells us, why national cyber strategies matter, and what organisations should be thinking about now.

What Happened With MediMap

The health platform MediMap was taken offline after a cyber incident where patient information was altered, including cases where people were incorrectly recorded as deceased.

Reports indicate the attack involved stolen login credentials, which allowed unauthorised changes to patient data.

This is not just a technology issue. It highlights the real-world consequences of identity compromise and the importance of protecting access to sensitive systems.

Healthcare platforms are particularly sensitive because:

• Data accuracy directly affects care delivery
• Systems connect across multiple providers
• Operational disruption impacts frontline services

These factors make healthcare breaches globally significant, not regionally unique.

Why The Timing Matters

New Zealand typically releases cyber security strategies every four years. Previous strategies were published in 2011, 2015, and 2019.

The 2019 strategy set out government priorities to help New Zealand “thrive online” and strengthen cyber resilience across government, business, and communities.

However, the strategy effectively lapsed in 2023 without replacement, and a refreshed version expected in 2024 has not yet been released.

At the same time, cyber threats continue to grow in scale and complexity.

This creates a gap between:

• National ambition
• Real-world incidents
• Organisational preparedness

That gap is not unique to New Zealand.

National Strategies and Real-World Risk

National cyber strategies play an important role in:

• Setting direction and priorities
• Encouraging public-private collaboration
• Raising awareness and capability
• Supporting resilience across critical sectors

Globally, most strategies share common goals, including collaboration and protection of critical assets.

However, strategy alone does not reduce risk. Implementation, adoption, and organisational maturity matter just as much.

This is where the MediMap incident becomes a useful lens.

The UK And European Perspective

The UK and Europe have seen similar moments where incidents accelerate policy momentum.

Examples include:

• Increasing regulatory focus such as NIS and NIS2
• Greater emphasis on supply chain and critical infrastructure resilience
• Stronger expectations around identity, access, and incident response

These shifts were also driven by real-world incidents that exposed gaps between policy and practice.

New Zealand is now experiencing a similar inflection point.

What This Means For Organisations In New Zealand

The MediMap incident highlights several themes that we increasingly see across New Zealand organisations.

Identity is becoming the primary attack path
Credential theft remains one of the most common and effective attack methods globally.

Operational technology and healthcare are high-value targets
These sectors rely on accurate, available, and trusted data.

National guidance and organisational readiness do not always move at the same pace
Strategies provide direction, but implementation sits with individual organisations.

New Zealand already has baseline guidance such as the NCSC Minimum Cyber Security Standards, which focus on core security practices.

The challenge is translating guidance into everyday operational controls.

The Similarities Across Regions

It is important to avoid framing this as a regional gap. The same themes appear across the UK, Europe, and New Zealand:

• Identity and credential compromise remain dominant attack methods
• Healthcare and critical services are frequent targets
• Strategy and regulation often follow high-profile incidents
• Organisations struggle to translate guidance into daily operations

These are shared challenges across mature digital economies.

Why This Moment Matters

The upcoming strategy will likely focus on:

• Strengthening resilience
• Increasing collaboration
• Improving national capability
• Encouraging better organisational security practices

But the real impact depends on how organisations respond.

National strategy creates momentum. Organisations create resilience.

What Leaders Should Be Thinking About Now

This moment is an opportunity for organisations to ask practical questions:

• How well do we protect access to critical systems?
• How quickly could we detect credential misuse?
• How resilient are our healthcare or operational platforms?
• How aligned are we with national guidance and baseline controls?

These questions are relevant regardless of geography.

The Bigger Picture

The MediMap incident and the delayed strategy are part of the same story.

Cyber security is becoming more visible, more operational, and more connected to public trust.

Across New Zealand, the UK, and Europe, the pattern is consistent: incidents create urgency, strategy creates direction, and organisations create resilience.

The organisations that use this moment to review and strengthen their posture will be better positioned for what comes next.

👉 If you are reviewing how your organisation aligns with emerging New Zealand cyber security strategy expectations, we can help you sense-check your current posture, identify practical gaps, and translate national guidance into everyday operational controls. Contact us below for more information about how we can help…

🇬🇧 📞 +44 (0) 113 341 0123

🇳🇿 📞 +64 (0)9 802 2444

📧 hello@itogether.com