A private hospital in Durban reacted swiftly to a ransomware breach last month after hackers gained access to its computer systems and locked part of its network, reports IOL.
External cybersecurity specialists were immediately brought in after the intrusion was detected at Ahmed Al-Kadi Private Hospital in Mayville on 18 April.
The breach was only disclosed this week when patients were notified via text messages and reassured that “all reasonable steps have been taken to contain your personal information …Patient care has not been impacted, and we continue to provide quality healthcare services at our hospital”.
On its website the hospital said the cybersecurity expert team had contained the breach, investigated the extent of access, restored affected systems and assessed whether any personal information was compromised.
“Our investigations confirmed that an unauthorised third party gained access to our IT environment and deployed ransomware, which encrypted a portion of our environment.”
The breach was reported to the Information Regulator, as required under POPIA, and the hospital has said it will co-operate with authorities as investigations continue.
Patients were urged to be cautious and warned of possible phishing attempts, impersonation and fraud linked to the incident. The hospital also advised patients not to share banking or personal information and to report any suspicious contact immediately.
So far Ahmed Al-Kadi Private Hospital has not confirmed whether any personal or medical information was accessed or removed from its systems. It says investigations are continuing to determine the full scope of the incident.
The latest breach forms part of a wider pattern of cyber-attacks targeting South African institutions that hold large volumes of sensitive personal data, including health, financial and government records.
Between April 2025 and March 2026, the Information Regulator received 3 219 data breach notifications, of which 1 858 were linked to the financial services sector.
The regulator said most of them were linked to human error or internal system failures rather than external cyber-attacks. It classified 2 677 notifications as “non-cyber compromises”, including procedural mistakes and organisational weaknesses, while 250 involved malicious cyber activity.
The figures point to repeated exposure across both public and private systems, where sensitive data are stored and processed daily.
Industry experts say attackers are increasingly targeting institutions holding large volumes of personal and national data, and warn that methods are evolving, with phishing, ransomware and impersonation scams becoming more convincing and harder to detect.
Stolen login credentials are also increasingly used to gain access to systems, often without immediate detection.
IOL article – Durban hospital targeted in ransomware incident (Open access)
See more from MedicalBrief archives:
Key health service units targeted by hackers
SA has highest percentage of human error healthcare data breaches – report
Cyber-attacks on global healthcare industry red-flagged
NHLS must hand over cyber attack info, says regulator