Cyber crime a major threat to SA’s healthcare sector

Christopher Tredger
By Christopher Tredger, Portals editor
Johannesburg, 08 Jul 2024
Shayimamba Conco, Check Point’s workspace solutions architect.
Shayimamba Conco, Check Point’s workspace solutions architect.

South Africa’s healthcare sector has become a prime target for cyber criminals, warns Check Point Software Technologies, with ransomware the most serious and persistent threat.

Based on analysis of data on ‘shame sites’ (websites used to ‘name and shame’ people based on their actions), this year to date, there have been 224 reported ransomware attacks globally targeting the healthcare sector.

The company points out that in the UK, hospitals are cancelling operations and blood transfusions after a recent cyber-attack caused the National Health Service to declare a 'critical incident'.

In Africa, the figure is only 24 reported cases, according to Check Point, which adds that this is the amount published by ransomware groups as part of double extortion efforts.

“Of course, there are others that are not published, and many more that were blocked. These ransomware groups are not specific to the healthcare sector, but also affect other sectors," the company states.

Shayimamba Conco, Check Point’s workspace solutions architect, says: “While this data may carry biases, it provides valuable insights into the ransomware landscape.”

Conco adds that underreporting remains an ongoing challenge. “Underreporting complicates efforts to fully understand the scale and impact of ransomware. By encouraging transparency and proactive security measures, organisations can better protect themselves and contribute to a more accurate picture of the ransomware threat landscape.”

One example of an attack on local healthcare is the recent breach of South Africa’s National Health Laboratory Service (NHLS), targeted at the internal and external systems.

In a government statement, the organisation claims it swiftly activated its incident response team, which included both internal experts and external cyber security professionals.

The statement reads, “All users will be aware that the NHLS networked laboratory system is heavily reliant on these information technology systems that have been disrupted.

“It has been established that sections of our system have been deleted, including in our backup server and this will require rebuilding the affected parts. Unfortunately, this will take time and investigations thus far have not advanced enough for us to give a timeframe toward the restoration of our systems and full service.”

NHI heightened risk

South Africa is transitioning to a national health insurance (NHI) healthcare services model, a development Conco believes will heighten the country’s security risk due to increased data volumes and expanded attack surface.

Check Point’s view is that the introduction of NHI without due care to extensive cyber security measures and the requisite skills to plan, monitor and manage them, will enhance the vulnerability of the sector to threat actors.

The company has identified significant gaps in cyber security practices within key institutions, including hospitals.

These gaps can arise from outdated technology, insufficient security measures, and a lack of comprehensive cybersecurity strategies, the company warns.

“Hospitals and other critical institutions may struggle with compliance to cyber security regulations and standards due to the complexity of requirements and the need for specialised knowledge,” says Conco.

“Ransomware attacks can cripple the ability to perform hospital operations, delaying treatments and procedures, and potentially risking patient lives. Compromised patient data can lead to breaches of privacy and security, with long-term consequences for affected individuals. This can include identity theft and other forms of exploitation. Beyond the ransom itself, the costs associated with recovery, system upgrades, legal fees, and potential fines can be substantial," he continues. 

But the greatest cost is reputational damage, says Conco. “Trust is critical in healthcare, and a successful ransomware attack can damage an organisation's reputation, eroding patient trust and potentially leading to a loss of business."

The company advocates the adoption of advanced security technologies such as threat intelligence platforms, AI-driven threat detection, and automated incident response systems.