Tuesday, September 10, 2024
Smart Toilet Bidet Attachment
HomeTech NewsHackers hitting healthcare facilities

Hackers hitting healthcare facilities

Healthcare services worldwide, including South Africa’s National Health Laboratory Service (NHLS), have been victims of cyber-attacks, which weaken facilities and result in stolen patient data.

Experts claim this is due to the healthcare sector’s lack of resources to adequately deal with threats, especially in developing countries.

The latest of these attacks was on South Africa’s National Health Laboratory Service, which had to shut down its IT systems following the breach.

The NHLS is South Africa’s diagnostic pathology service for public healthcare facilities, comprising a network of 265 laboratories.

Its subsidiaries and divisions include the National Institute for Communicable Diseases, the National Institute for Occupational Health, the National Cancer Registry, and the South African Vaccine Producers.

South Africa is currently in the midst of a Mpox outbreak. In March, the NHLS still faced a significant backlog in toxicology tests.

At the time, the NHLS implemented its “Downtime Protocol” in response to the attack and deployed its Incident Response Team to manage the issue, adding that its Oracle environment and Trackcare database were unaffected.

NHLS CEO Prof Koleka Mlisana recently revealed that there was a message in which the cyber attackers identified themselves as BlackSuit.

She added that large portions of data, including backups, had been erased, and there are signs that BlackSuit could still be active within the NHLS’ systems.

Mlisana emphasised that the NHLS has not and will not communicate with the cyber attackers who used ransomware similar to that used in an earlier attack in the UK.

Cybercrime has recently become a particularly troubling problem in South Africa. The European Repository of Cyber Incidents shows that the country experienced seven attacks in 2023 compared to two in 2021 and one in 2019.

Kings College Hospial London
King’s College Hospital in London.

At the beginning of June, Synnovis, a London-based provider of pathology services, was hit by a similar ransomware attack.

Synnovis’ clients included the NHS and local general practitioners (GPs), which meant thousands of appointments and operations had to be cancelled.

The attack also locked down computers necessary for blood testing and transfusion services, reducing the number of tests possible daily from 200 to 15.

This resulted in King’s College Hospital in London asking its own clinical workers for blood due to supply disruptions caused by the attack.

Following the attack, a Russian-speaking hacker group called Qilin claimed credit for the attack and demanded $50 million.

However, the hackers went ahead and published medical records that included personal information about cancer patients, pregnant women, newborns, and people suffering from schizophrenia.

A total of 400 gigabytes of data was published on Telegram. Synnovis confirmed that this data was stolen from its systems.

These attacks targeting healthcare facilities are occurring at an increasing rate with the number going up from 32 in 2022 to 121 in 2023, according to The Lancet.

In 2021, a ransomware attack on Ireland’s Department of Health affected 80% of IT infrastructure, and almost 100,000 people’s data was stolen.

The Lancet argues that healthcare systems’ increased digital interconnectedness, accelerated by COVID-19, and ability to be used by many different users make them easy targets for threat actors.

This is because one weak entry point can paralyse the entire system. However, The Lancet says that resources are a more pressing issue for healthcare services.

“Unlike the financial service sector, health care does not have the same resources to pay cybersecurity experts equally well, who are already a hard-to-find workforce,” The Lancet said.

“The risks are particularly acute in low-income and middle-income countries, where the necessary infrastructure, resources, and regulatory frameworks to protect against cyberattacks are far less sufficient.”

In the Synnovis case, multiple hospitals failed to meet the UK health service’s data security standards.

This was acknowledged by the hospitals beforehand, suggesting governments are aware of the vulnerability these facilities face.

Source

mybroadband.co.za

RELATED ARTICLES

LEAVE A REPLY

Please enter your comment!
Please enter your name here

- Advertisment -
Smart Toilet Bidet Attachment

Most Popular

Recent Comments