After last year’s catastrophic ransomware attack on the National Health Laboratory Service (NHLS), a pair of Western Cape doctors has called for an urgent upgrade and the strengthening of the system’s cybersecurity to prevent similar future attacks, which they say are inevitable.
The 22 June strike resulted in a ‘complete breakdown of all IT-related operations, including internet, intranet and the TrakCare laboratory information system, said Professor Zivanai Chapanduka and Dr Sumaiya Cassim from Stellenbosch University’s Division of Haematological Pathology, and every effort should be made to avert similar disasters.
After the attacks, the NHLS’ downtime standard operating procedure or SOP was instituted, “but the SOP had no contingency plan for a cybersecurity breach and was clearly not fit for purpose” .
“Prolonged, complete shutdown of all network services ensued,” wrote the two academics in the SA Medical Journal.
For the next 40-odd days, all IT systems for the NHLS were inaccessible, writes News24. Countrywide, doctors and lab staff had to use time-consuming manual processes to get test results out. To ease the burden, only critical tests were performed.
“Clinicians from all centres expressed their frustration about the inability to request specific tests, inaccessible previous results, delay in current results and the inconvenience of manually collecting paper results,” said the doctors, who based their article on their experience at the haematopathology department at Tygerberg Hospital in Cape Town.
Test results had to be shared via phone, WhatsApp, courier services and – in some cases – be physically collected from the lab.
The systems were only operational again around mid-August.
The two doctors wrote that their experience shows that the NHLS response to the attack was “reactive”, and “not unexpectedly, inadequate”.
The state-run lab service needs to urgently overhaul its cybersecurity systems and create detailed business continuity plans (BCP), they added, so that “inevitable” future attacks are not as disruptive.
“Cyberattacks of this nature are likely to occur, hence the urgent need for investment in cybersecurity and the development of a well-structured BCP.”
What to do?
They said the NHLS needs a dedicated team to take the lead in this kind of disruption, and create detailed plans for similar future events: ranging from storing data on external hard drives or backing up on the cloud, to simulating how to respond in similar attacks.
Employees also need to improve their security practices, using multi-factor authentication, backing up data, and only accessing work computers on secure networks.
Global issue
In November, WHO Director-General Tedros Ghebreyesus said ransomware attacks on health facilities and hospitals were “an issue of life and death”.
“Cyber-crime groups operate on the logic that the greater the threat to patient safety, confidentiality, and service disruptions they can create, the greater the ransom they can demand,” he said.
He said attacks were increasing because of the success hackers had had in forcing institutions to pay to decrypt data.
Who was behind the attack?
NHLS CEO Koleka Mlisana told Rapport in June that a hacker group known as BlackSuit had contacted them to claim responsibility for the attack. Members allegedly linked to the group also contacted journalists and low-level NHLS staffers.
“It appears they were probably active in the computer system for more than a month before they struck, apparently having infiltrated months ago,” she said at the time.
By late August, most of the NHLS' systems had been restored. That month, the NHLS told News24 that it had taken “decisive actions” to strengthen its information systems against future threats by boosting security and better protecting its digital infrastructure.
The NHLS did not reply to questions about whether a ransom had been paid.
See more from MedicalBrief archives:
NHLS system still faltering as cyberattacks hit global healthcare
Cyber attacks create havoc in state hospitals in SA, and globally