New Zealand's health system has suffered another major data breach, this time involving the MediMap service, with attackers gaining write access to patient records—meaning they could potentially alter or delete medical data.

Multiple New Zealanders reported receiving calls from Health NZ today informing them of potential impacts from the breach. One Reddit user in the r/newzealand community described their frustration: Health NZ confirmed attackers had write access but couldn't say what data was modified.

Let that sink in. The attackers didn't just read patient records—they could change them. And the health system can't tell patients whether their medical records have been tampered with.

This is catastrophically bad for several reasons. First, medical records are life-and-death information. If an attacker altered allergy information, medication dosages, or medical histories, healthcare providers could make dangerous decisions based on corrupted data.

Second, this isn't Health NZ's first rodeo—it's the latest in a string of breaches. The health system's cybersecurity is clearly not fit for purpose, and each breach erodes public trust further.

Third, many affected New Zealanders don't even know what MediMap is or why it had their data in the first place. The opacity around how health data is shared between systems is concerning in itself.

The technical implications are serious. Write access means the attackers had privileged system access—not just a data leak, but a comprehensive security failure. It suggests either unpatched vulnerabilities, compromised credentials, or fundamental architectural problems with how the system was built.

The political fallout will be significant. Health Minister Shane Reti is already facing pressure over hospital wait times, staffing shortages, and budget constraints. Now he'll face questions about why patient data keeps getting compromised and what Health NZ is actually doing to prevent future breaches.

For affected New Zealanders, the advice from Health NZ will likely be some version of "monitor your medical records for anomalies." Which is rich, considering most people have no easy way to access their complete medical records, let alone verify their accuracy.

Mate, cybersecurity isn't optional for health systems—it's fundamental. When attackers can modify patient records and the system can't even tell who was affected or what was changed, that's not a data breach. That's a crisis of institutional competence.