South Africa is the latest country to fall victim to cyber criminals, who are causing chaos in global healthcare systems and hospitals, risking thousands of lives, hampering services and exerting more pressure on already overworked staff, notes MedicalBrief.
The infiltration a week ago of South Africa’s National Health Laboratory Service (NHLS), in a vicious ransomware virus attack, as reported in MedicalBrief, has caused chaos in public facilities, which are already grappling with personnel and equipment shortages as well as budgetary restrictions.
The NHLS is the state’s only provider of diagnostic pathology services, its giant computer system storing all information for patients in state hospitals and clinics throughout the country.
As a result of the hackers encrypting every bit of data in the system, rendering it unusable, doctors are now having to treat patients for whom they have no medical information, while surgeons are carrying out emergency surgery “blindly”, because they can’t receive blood results in time.
The processing of blood tests, previously automated and made electronically available, is now being manually entered at the state’s 265 nationwide laboratories, with results either being printed on paper or having to be phoned through to doctors.
NHLS CEO Koleka Mlisana told News24 it was “a national health crisis”, and although the attackers had not yet demanded a ransom, “it seems they were probably active in the computer system for more than a month before they struck last Saturday morning, apparently having infiltrated months ago”.
“We have not and will not communicate with them,” she said
However, she added that there had been a message in which the infiltrators introduced themselves as “BlackSuit”, the same name used by hackers in similar attacks in Europe, using similar ransomware.
Local specialists are working to remove all harmful viruses and stabilise it enough to get it up and running, she said, and while large parts of the system, including backup data, have been erased, it is not yet known whether patient information has been destroyed.
There are indications that the attackers are still active within the NHLS, and the IT specialists have already constructed an additional layer of security to try to prevent further damage.
Priya Pillay, head of the department of obstetrics and gynaecology at Steve Biko Academic Hospital, said the slow turnaround time of blood tests was endangering lives.
Whereas previously it would take an hour to get a result, it is now taking up to 10 hours.
Delays in the delivery rooms can also be life-threatening – the hospital often manages high-risk maternity cases.
“A Caesarean section, for example, cannot be done before it can be determined what the woman’s platelet count is, because it determines, in case of bleeding, the ability for blood to clot.
“We must choose: either we take the patient in for their surgery without blood results, or we wait hours for it and possibly cause foetal distress. I am very concerned about the risk.”
Doctors on the run
Instead of attending to patients in the wards, doctors have been running up and down to the hospital’s laboratory, 800m away, added Pillay.
“They run with the blood to the lab and wait in line for it to be processed. The results are typed out or even handwritten at times. It is very difficult for us.”
Cloete van Vuuren, infection control specialist in the Free State and head of internal medicine at 3 Military Hospital in Bloemfontein, described the situation as a nightmare.
“It has had a huge impact on our service delivery. I am currently dealing with a case where we need the previous results of a patient to determine what steps we need to take next, but we have no access to the laboratory system.”
There is no lab on the hospital premises, so they must call for the results, which would usually be electronically sent.
“But they are also so overwhelmed that it is very difficult for us to get through. It is an absolute crisis.”
In certain cases where it is absolutely necessary and urgent, some of the private laboratories have helped out with processing results.
“The NHLS electronic system is actually a fantastic system, because any patient’s results are immediately available. It made life much easier for us. But its collapse is creating big problems.”
Maternity risks
Michelle Horak, doing her community year at the district hospital in Heilbron, Free State, and who specialises in obstetrics, said their team had to take a patient to the theatre this week before they could get the blood results.
“We had to go into it blindly. The specialist said we just have no choice, we must proceed.
“The absence of blood results means it’s really difficult to make decisions in emergencies. Patients are admitted and can be very sick, but you don’t really know what you’re treating or what the situation is without blood results.”
Aslam Dasoo, convener of the Progressive Health Forum, said many patients can’t be discharged without certain diagnostic results.
This means the hospitals just get fuller and fuller.
“There are often just a few minutes between life and death … We can expect reports at a later stage on the number of preventable deaths and permanent disabilities due to this cyber attack. We cannot blame the NHLS for this, but it is a fact.”
Mlisana said the entire system is expected to be “cleaned up” by mid-July, after which it will have to be rebuilt.
“The end users will, however, be the last to be connected to the system, because we must first make sure the devices used by staff no longer have the virus on them. Each device will be cleaned and secured before we can consider the new system as stable.
“We don’t want to rebuild a system that will just be invaded again in six months’ time.”
Foster Mohale, spokesperson for the National Department of Health, said they are working closely with the NHLS to ensure that the system is restored as soon as possible.
“We cannot give a definitive timeline until there is certainty about the security system’s effectiveness in preventing further attacks. We are working day and night to ensure the issue is resolved and that we can return to normal.”
He said solutions must be found, because NHI would rely heavily on electronic systems like those at the NHLS.
Hard lesson
Dis-Chem, the second largest retail pharmacy chain in the country, which was hit by a massive data breach in 2022 that compromised the personal information of more than 3m customers, said it has fortified its IT infrastructure considerably.
The incident led to the Information Regulator issuing an enforcement notice and threatening a R10m fine due to inadequate data protection measures, reports BusinessLIVE.
In its latest annual report, Dis-Chem acknowledged the critical challenge posed by the breaches during the 2023/24 financial year.
The 2022 breach, which was traced to a third-party vendor, forced the company to reassess and strengthen its internal systems, despite being cleared of direct responsibility.
Dis-Chem’s chair Larry Nestadt emphasised the company’s commitment to robust cybersecurity practices.
“I am pleased to report that Dis-Chem was cleared of any wrongdoing after a comprehensive investigation, and it was determined that the breach did not originate from within our systems or processes,” he said.
To prevent future problems, Dis-Chem said it has enhanced its cybersecurity by investing in robust IT infrastructure, conducting regular security audits and continuously training employees on cybersecurity. The company also prioritises staying updated on regulatory requirements and fostering a culture of security awareness and accountability, it said
NHS under fire
In Britain, there is a similar state of panic after cyber criminals targeted pathology services, throttling surgeries and blood testing.
Synnovis, an agency which manages labs for NHS trusts and GPs in south-east London, was the victim of a hack on 3 June, leading to the cancellation of thousands of operations and appointments, affecting, among others, King’s College Hospital, Guy’s and St Thomas’ – including the Royal Brompton and the Evelina London Children’s Hospital.
Blood testing remains at a fraction of its former capacity, with only urgent and critical cases being processed, reports the BBC.
Lucy Goodeve-Docker, a GP in London, said the situation had been “incredibly tricky”. The practice, which used to process up to 200 tests a day, is now only managing 15 to 20.
“We had to pause our blood testing we were told we only had access to critical blood tests,” she said. “But when we don’t have access to blood tests, then we are working with uncertainty … that something might have changed.
“So although it's only been a few weeks without access, we are already building up a mountain of repeat patients we need to catch up with.”
And a fortnight ago, more than 100 000 NHS patients in the Dumfries and Galloway region of southern Scotland were warned to assume some of their patient data may have been published online after a major hack.
Long reach of attackers
In the US, a large Chicago children’s hospital said last week that nearly 800 000 patients were affected by a January ransomware attack after sensitive health information was leaked. The Ann & Robert H Lurie Children’s Hospital was targeted in January by the Rhysida ransomware group, which allegedly made more than $3 m from selling the data it stole from the hospital.
In filings with regulators this week, the hospital said 791 784 people had data exposed when hackers gained access to their systems between 26 and 31 January, reports The Record.
“Lurie Children’s did not pay a ransom,” said a spokesperson.
The hospital added that once its investigation team of cybersecurity experts “identified an amount of data affected by the cybercriminals”, it worked with law enforcement “to retrieve those data”.
Victims are being given two years of identity protection services.
The hospital said it was one of many hospitals and health systems across the country facing “constantly evolving cybersecurity threats” and was working with teams to further enhance security systems.
The children’s hospital is one of the biggest paediatric healthcare organisations in the Midwest, serving about 239 000 children each year, and treating more children with cancer and blood disorders than any other hospital in the state of Illinois.
It took weeks to restore its systems and the disruption left parents scrambling to find other doctors who could help their children access vital medicine and healthcare.
From Russia, with malice
Further afield, a cyber attack started targeting the University Hospital Centre Zagreb (KBC Zagreb) last Wednesday, resulting in the largest hospital in the country having to shut down its IT infrastructure in response, reports CyberNews.
Milivoj Novak, assistant director of health care quality and supervision of KBC Zagreb, said shutting down the system took the hospital back 50 years – to paper and pencil.
The attack was later claimed by the LockBit ransomware group.
The publicly funded teaching hospital was back online just 24 hours later, according to local news reports, after more than 100 experts were tasked with restoring IT systems to full functionality.
While all services, including the emergency service and medical laboratories, were later fully recovered, Novak said the “temporary impossibility of printing out medical reports and staff having to write them by hand caused significant delays”. It also confirmed that some patients had to be redirected to other hospitals, reports Security Affairs.com.
The Russian-affiliated gang known as LockBit claims to have stolen a large cache of files including “medical records, patient exams and studies; doctors’ research papers; surgery, organ and donor data; organ and tissue banks; employee data, addresses phone numbers etc; employee legal documents; data on donations and relationships with private companies; donation book; medication reserve data; personal data breach reports and much more”.
Operating as a Ransomware-as-a-Service (RaaS) model, the cartel is said to have executed more than 1 400 attacks against victims in the US and around the world, including Asia, Europe, and Africa.
BBC article – Hospital cyber-attack hampers GP blood services (Open access)
BusinessLIVE article – Dis-Chem enhances IT security after data breach debacle (Restricted access)
Cybernews article – Croatia’s largest hospital KBC-Zagreb claimed by LockBit (Open access)
See more from MedicalBrief archives:
Key health service units targeted by hackers
Cyber-attack disrupts London hospitals
SA has highest percentage of human error healthcare data breaches – report
Cyber thieves post patients' data stolen from Australian medical insurer