Cybercrime a major threat to South Africa’s healthcare sector

South Africa’s healthcare sector has become a prime target for cybercriminals, Check Point Software Technologies warns. The most serious and persistent threat is ransomware.

Based on data analysis of “shaming sites” (websites used to “name and shame” people based on their actions), there have been 224 ransomware attacks worldwide this year targeting the healthcare sector.

The company points out that in the UK, hospitals are cancelling surgeries and blood transfusions following a recent cyberattack that caused the National Health Service to declare a “critical incident”.

Just 24 cases have been reported in Africa, according to Check Point, adding that this is a figure released by ransomware groups as part of double extortion efforts.

“Of course, there are others that have not been published, and many more that have been blocked. These ransomware groups are not specific to the healthcare sector, but affect other sectors as well,” the company said.

Shayimamba Conco, workspace solutions architect at Check Point, says: “While this data may be imprecise, it provides valuable information about the ransomware landscape.”

Conco adds that underreporting remains an ongoing challenge. “Underreporting complicates efforts to fully understand the scale and impact of ransomware. By encouraging transparency and proactive security measures, organizations can better protect themselves and contribute to a more accurate picture of the ransomware threat landscape.”

An example of an attack on a local healthcare service is the recent hack of the National Health Laboratory Service (NHLS) in South Africa, which targeted internal and external systems.

In a government statement, the organization says it quickly established an incident response team that included both internal experts and external cybersecurity specialists.

The statement reads: “All users should be aware that the NHLS network laboratory system is heavily dependent on IT systems that have been disrupted.

“It has been determined that portions of our system have been taken down, including our backup server, and this will require rebuilding the affected portions. Unfortunately, this will take some time and the investigation has not progressed far enough to allow us to determine a time frame for restoring our systems and full service.”

South Africa is moving to a National Health Insurance (NHI)-based healthcare service model, which Conco says will increase security risks for the country due to the increased amount of data and expanded attack surface.

Check Point believes that introducing NHI without due diligence on comprehensive cybersecurity measures and the necessary skills to plan, monitor and manage them will increase the sector’s vulnerability to threats.

The company identified significant gaps in cybersecurity practices at key institutions, including hospitals.

The company warns that these vulnerabilities may be due to the use of outdated technology, insufficient security measures and a lack of comprehensive cybersecurity strategies.

“Hospitals and other mission-critical institutions can have difficulty complying with cybersecurity regulations and standards due to the complexity of the requirements and the need for specialized knowledge,” Conco says.

“Ransomware attacks can cripple hospital operations, delaying treatment and procedures, and potentially putting patients’ lives at risk. Compromised patient data can lead to privacy and security breaches, with long-term consequences for those affected. This can include identity theft and other forms of exploitation. In addition to the ransom itself, the costs associated with recovery, system upgrades, legal fees, and potential fines can be significant,” he continued.

But the biggest cost is reputational damage, Conco says. “Trust is key in healthcare, and a successful ransomware attack can damage an organization’s reputation, eroding patient confidence and potentially leading to lost business.”

The company advocates for the implementation of advanced security technologies such as threat intelligence platforms, AI-based threat detection, and automated incident response systems.