The National Health Laboratory Service (NHLS) is still suffering from the cyber attack last June that annihilated its ICT systems and infrastructure, and resulted in it not meeting 25% of its annual targets, according to Dr Sylvia Sathekge, CIO of the NHLS.
ITWeb reports that Sathekge was part of a panel discussing cyber security and building resilience at the 28th annual national conference of the Institute of Internal Auditors SA this week, where she admitted that because of the impact on the NHLS targets, cyber attacks had to be elevated to a top risk for the organisation and not a “by-the-way”.
The organisation’s diagnostic pathology service deals with about 85% of the South African population.
Sathekge said the Information Regulator was still ”asking us about the attack; we still get the South African Police Service saying they can’t do anything about it − there’s no one to go after”.
Research data show that it takes on average of 18 months to recover from a hacking incident like this, she added.
“Thankfully, all patient data are safe,” the NHLS said last year.
In March, the NHLS reportedly told the Parliamentary Portfolio Committee on Health that most of the IT infrastructure was out of date and could not be updated. In addition, staff were not fully apprised of the danger of clicking on unknown links.
Sathekge told conference attendees that the organisation was attacked via phishing on e-mails, adding that it is still trying to figure out the extent of the impact.
Responding to a question on how internal auditors can practically influence the board of directors to understand that cyber security is imperative and inculcates the culture, the CIO said when she started at the NHLS, she had insisted the issue should be considered among the strategic risks within the organisation.
“When I assessed the risks, I told the head of internal audit at NHLS that one is missing, and it’s called cyber security and it’s not for IT. It must be the responsibility of the board, the CIO or the CEO, and we added it as a strategic risk that the board has accepted.
“I would advise all organisations to have cyber attacks among the top five risks of their business. It’s not a matter of if, but when.”
IT Web article – 2024 hack aftermath hits national lab’s annual targets (Open access)
See more from MedicalBrief archives:
NHLS cyber hack continues to cause chaos in hospitals
Cyber attacks create havoc in state hospitals in SA, and globally