South Africa’s healthcare sector is at a pivotal moment with the new government and the proposed National Health Insurance (NHI) scheme on the horizon.
“No matter the direction of the country’s healthcare policies, the reliance on digitisation and technology will be vital in rolling out universal healthcare services, making cybersecurity readiness a top priority,” says Check Point’s Workspace Solutions Architect, Shayimamba Conco.
Recent breaches, such as those affecting Discovery Insure, GEMS, and the National Health Laboratory Services (NHLS), underscore the urgent need for robust cybersecurity measures. Ransomware group BlackSuit claimed responsibility for the attack on NHLS, which forced the institution to shut down its IT systems for two days last month. BlackSuit stated it stole 1.2 TB of data, including business contracts, contacts, employee data, product data, financial data, and medical data.
Globally, healthcare institutions have become prime targets for cybercriminals due to the high value of medical records and personal data. In the UK, hospitals are currently canceling operations and blood transfusions following a cyber-attack that led the National Health Service to declare a ‘critical incident.’ In Dumfries, Scotland, ransomware gangs have threatened to publish personal medical records after a recent attack on the town’s health services.
South Africa is experiencing a steady increase in cybersecurity attacks, mirroring global trends.
Commenting on the critical nature of cybersecurity resilience in the healthcare industry, Conco says, “In South Africa, the healthcare sector faces a similar threat landscape. The advancement of ransomware has led to a significant increase in attacks exploiting zero-day vulnerabilities. In 2023 alone, there was a 90% increase in ransomware incidents compared to the previous year.”
“Ransomware attacks can cripple hospital operations, delay treatments, and potentially risk patient lives. Compromised patient data can lead to breaches of privacy and security, with long-term consequences including identity theft and other forms of exploitation. Beyond the ransom itself, the costs associated with recovery, system upgrades, legal fees, and potential fines can be substantial,” says Conco.
“Perhaps the greatest cost is reputational damage,” Conco adds. “Trust is critical in healthcare, and a successful ransomware attack can damage an organization’s reputation, eroding patient trust and potentially leading to a loss of business.”
According to Conco, the healthcare sector is particularly vulnerable to ransomware attacks for several reasons:
- Sensitive Data: Healthcare providers store vast amounts of sensitive personal and medical data, making them prime targets for cybercriminals.
- Critical Systems: Medical facilities rely on continuous access to digital systems for patient care, diagnostics, and treatment, meaning any disruption can have immediate and severe consequences.
- Outdated Infrastructure: Many healthcare organizations use outdated IT infrastructure and software, which may lack the necessary security features to fend off sophisticated cyberattacks.
- Financial Pressure: Given the potential risk to patient safety and the urgency of restoring systems, healthcare organizations may feel pressured to pay ransoms quickly.
The South African Cybersecurity Landscape
An organization in South Africa is attacked on average 1,274 times per week. The top malware in South Africa includes FakeUpdates, Botnets, AsyncRat (a Remote Access Trojan), and various Downloaders. In the last 30 days, 57% of malicious files were delivered via the web. The most common vulnerability exploit type is Information Disclosure, impacting 75% of organizations.
A recent Check Point Threat Intelligence report shows that South African organizations are attacked on average 1,175 times per week. The top malware threats include FakeUpdates, Botnets, AsyncRat, Formbook (an Infostealer), and various Downloaders. Notably, 84% of malicious files were delivered via the web in the last 30 days.
Ironically, local healthcare’s efforts to improve efficiency and cost savings through digital transformation have expanded the sector’s attack surface, with a noticeable increase in attacks on routers, VPN hardware, and other edge devices. This trend underscores the urgent need for healthcare institutions to allocate resources for their protection.
Proactive Measures and Strategies
A case study from a major healthcare provider in South Africa demonstrates the successful implementation of a comprehensive security program. The program consolidated security investments, offering a scalable platform to support the institution’s growth and providing full visibility of the security posture across their multi-cloud environment. This approach significantly reduced the total cost of ownership (TCO) and minimized operational overhead, while also decreasing the number of security alerts and uncovering dormant threats.
Conco concludes, “As South Africa moves increasingly towards digital transformation in healthcare, the sector’s reliance on technology will increase, making cybersecurity readiness more critical than ever. By adopting proactive measures, leveraging AI technologies, and focusing on education and collaboration, South African healthcare institutions can strengthen their defenses and ensure the safety of sensitive patient data.”
