June 26th – In South Africa, the National Health Laboratory Service (NHLS), which operates 265 laboratories across all nine South African provinces, has confirmed that it’s contending with a ransomware attack. The attack is stymieing efforts to distribute lab results amidst the country’s latest mpox outbreak.
What happened
The ransomware attack began on Saturday morning. Cyber criminals dismantled portions of online systems, including backup servers. IT professionals are expected to have to rebuild a number of the affected systems.
The ransomware strain used to target systems remains unknown. In the interim, systems are inaccessible and unable to communicate effectively. CEO Koleka Mlisana explained that officials do not yet know when systems will be restored.
Healthcare providers and the general public will be notified about the latest timelines as soon as further information becomes available.
Ransomware impact
In addition to disrupting the distribution of mpox results amidst an outbreak, the attack has also forced laboratory administrators to relay more urgent test results to doctors over the phone, as opposed to electronically. In some cases, results are being printed and sent to doctors or hospitals.
A preliminary investigation shows that patient data has not been compromised or stolen, as is often the case in healthcare sector ransomware attacks.
The NHLS says that its incident response team, which includes both internal and external experts, was activated promptly after discovery of the attack. The NHLS has reiterated its commitment to ensuring business continuity and quality of service.
Healthcare threats
This year, ransomware attackers have disrupted a number of different healthcare entities and systems around the world. Several attacks have had significant downstream effects on people in need of care.
In the last few weeks, the NHS had to cancel thousands of operations due to a ransomware attack on a pathology services provider.
Healthcare solutions
Organizations in the healthcare sector are advised to upgrade cyber security measures. These include, but are not limited to:
- Implementing robust firewalls
- Conducting frequent security audits
- Regularly updating and patching all software
- Establishing secure, offline backups of critical data
- Developing and testing comprehensive disaster recovery plans
- Providing regular cyber security training for all employees
- Conducting tabletop exercises to test and improve response capabilities
Get more on this breaking news story here. For additional insights into cyber security and healthcare, please see CyberTalk.org’s past coverage. Lastly, to receive cyber security thought leadership articles, groundbreaking research and emerging threat analyses each week, subscribe to the CyberTalk.org newsletter.