A ransomware attack on the NHLS disrupted testing for weeks, highlighting severe cybersecurity weaknesses in public health systems.
Key Points:
- A single phishing link caused a six-week halt in NHLS services.
- Significant investment in cybersecurity, totaling R300 million, is now underway.
- Staff awareness and IT infrastructure improvements are crucial for preventing future breaches.
NHLS Cyberattack Disrupts Critical Health Services
The National Health Laboratory Service (NHLS), a crucial public sector entity in South Africa, faced a major disruption after a cyberattack in June 2024 halted its operations for weeks. An employee clicking on a phishing link triggered the attack, which compromised the laboratory’s IT infrastructure and rendered its critical systems inoperable.
Ransomware Paralyzes NHLS Systems
The NHLS conducts 400,000 medical tests daily, playing an integral role in South Africa’s battle against HIV and tuberculosis. On June 21, 2024, cybercriminal syndicate BlackSuit gained access to the NHLS database using ransomware that encrypted the system’s data. As a result, the cybercriminals completely disabled the TrakCare laboratory information system, which allows doctors to access test results. Testing continued, but doctors could not retrieve results, causing severe delays in patient care.
Six-Week Shutdown and Backlog
The NHLS did not pay the ransom, which led to a six-week shutdown. During the shutdown, the team had to implement manual systems. The attack caused a massive backlog of medical work, with clinics and hospitals forced to submit paper-based results. “We had to stop everything and start from scratch,” said NHLS CEO Professor Koleka Mlisana. By July, staff processed only a fraction of the usual tests. It took nine months for the NHLS to recover to its pre-attack testing volumes.
IT Failures and Post-Attack Recovery
In testimony to Parliament, Acting IT Executive Manager John Mukomana admitted that outdated NHLS IT systems made security upgrades impossible. He revealed that the organization had lacked the necessary IT skills, particularly at the leadership level, to handle such threats effectively. However, following the attack, the NHLS has invested R300 million to bolster its cybersecurity, including new desktops, enhanced firewalls, and staff training to prevent future breaches.
Impact on Staff and Healthcare Providers
The attack’s impact was far-reaching, with prolonged test result turnaround times and added stress on healthcare providers. Experts, including Professor Sumaiya Cassim, emphasized the lack of a proper business continuity plan and also noted that staff were ill-prepared for such a crisis.
Government Action to Strengthen Cybersecurity
Minister of Health Aaron Motsoaledi confirmed that the NHLS is putting measures in place to strengthen its cybersecurity, with ongoing efforts to recover lost data and prevent future cyberattacks.
This attack highlights the critical need for enhanced cybersecurity in South Africa’s public health sector, as cyber threats continue to evolve.