South African healthcare stands at a critical juncture with its new government and the proposed National Health Insurance (NHI) scheme on the horizon.

This is the word from Shayimamba Conco, workspace solutions architect at Check Point, who adds: “No matter the direction the country’s healthcare policies are taken, the reliance on digitisation and technology will be vital in the rollout of universal healthcare services, making cybersecurity readiness a top priority.”

Recent breaches, such as those at Discovery Insure and GEMS, and now the National Health Laboratory Services, highlight the critical need for robust cybersecurity measures in the healthcare sector.

Ransomware group BlackSuit claimed responsibility for the ransomware attack on the NHLS, which forced the government institution to shut down its IT systems for two days last month. BlackSuit says it stole 1,2TB of data during the attack, including business contracts, contacts, employee data, product data, financial data, and medical data.

Globally, healthcare institutions have become prime targets for cybercriminals due to the high value of medical records and personal data. In the UK, hospitals are currently canceling operations and blood transfusions after a recent cyber-attack caused the National Health Service to declare a ‘critical incident’. And in Dumfries, Scotland, ransomware gangs are threatening to publish personal medical records after a recent ransomware attack on the town’s health services.

Commenting on the critical nature of cybersecurity resilience in the healthcare industry, Conco says: “In South Africa, the healthcare sector faces a similar threat landscape. The advancement of ransomware has seen a significant increase in attacks that exploit zero-day vulnerabilities. 2023 alone saw a 90% increase in ransomware incidents compared to the previous year.”

Ransomware attacks are especially damaging: they can cripple a hospital’s ability to operate, delaying treatments and procedures and potentially risking patient lives. Compromised patient data can lead to breaches of privacy and security, with long-term consequences for affected individuals, including identity theft and other forms of exploitation. Beyond the ransom itself, the costs associated with recovery, system upgrades, legal fees, and potential fines can be substantial.

“Perhaps the greatest cost is reputational damage,” says Conco. “Trust is critical in healthcare, and a successful ransomware attack can damage an organisation’s reputation, eroding patient trust and potentially leading to a loss of business.”

According to Conco, the healthcare sector is especially vulnerable to ransomware attacks for several reasons:

  • Sensitive Data: Healthcare providers store vast amounts of sensitive personal and medical data, making them prime targets for cybercriminals.
  • Critical Systems: Medical facilities rely on continuous access to digital systems for patient care, diagnostics, and treatment, meaning any disruption can have immediate and severe consequences.
  • Outdated Infrastructure: Many healthcare organizations use outdated IT infrastructure and software, which may lack the necessary security features to fend off sophisticated cyberattacks.
  • Financial Pressure: Given the potential risk to patient safety and the urgency of restoring systems, healthcare organizations may feel pressured to pay ransoms quickly.


The South African Cyber Security Landscape

On average, an organisation in South Africa has been attacked 1 274 times per week over the last six months.

The top malware in South Africa is FakeUpdates. The top malware list in South Africa includes 4 botnets, 1 RAT (AsyncRat) and 1 downloader (FakeUpdates). 57% of the malicious files in South Africa were delivered via the web in the last 30 days. The most common vulnerability exploit type in South Africa is Information Disclosure, impacting 75% of the organisations.

According to a recent Check Point Threat Intelligence report, organisations in South Africa have been attacked on average 1,175 times per week over the last six months. The top malware threats include FakeUpdates, botnets, AsyncRat (a Remote Access Trojan), Formbook (an infostealer), and various downloaders. Notably, 84% of the malicious files in South Africa were delivered via the web in the last 30 days.

The most common vulnerability exploit type in South Africa is Information Disclosure, impacting 76% of the organisations. The figures for organisations impacted weekly, broken down by malware type, show that botnets pose the highest threat, followed by ransomware and mobile malware.

Ironically, local healthcare’s efforts to improve efficiency and cut costs through digital transformation mean the sector’s attack surface is expanding, with a noticeable increase in attacks on routers, VPN hardware, and other edge devices. This trend underscores the urgent need for healthcare institutions to allocate resources for their protection.


Proactive Measures and Strategies

A recent case study from a major healthcare provider in South Africa demonstrates the successful implementation of a comprehensive security program. The program consolidated security investments, offering a scalable platform to support the institution’s growth and providing full visibility of the security posture across their multi-cloud environment.

This approach significantly reduced the total cost of ownership (TCO) and minimised operational overhead, while also decreasing the number of security alerts and uncovering dormant threats.

Conco concludes, “As South Africa moves increasingly towards digital transformation in healthcare, the sector’s reliance on technology will increase, making cybersecurity readiness more critical than ever. By adopting proactive measures, leveraging AI technologies, and focusing on education and collaboration, South African healthcare institutions can strengthen their defenses and ensure the safety of sensitive patient data.”