SA hospitals under further strain due to increase in cyber attacks
Johannesburg - Several of South Africa’s leading hospitals and health-care organisations have been targeted by cyber criminals during the Covid-19 pandemic.
The cyber attacks against hospitals and related organisations could disrupt their systems, affect their ability to deliver care, and endanger lives.
With hospitals and health-care organisations around the country already under severe strain due to the Covid-19 pandemic, they are now also having to fend off dangerous cyber attacks.
In the last few months, several of South Africa’s leading hospitals and health-care organisations have been targeted by a rising wave of ransomware attacks by cyber criminals.
In June last year, hackers targeted the Life Healthcare hospital chain, which has 66 hospitals in South Africa.
The attack inflicted widespread damage, with the hospital chain admitting that “the security incident” had affected admissions systems, business processing systems, and email servers.
While it did not affect patient care, it resulted in administrative delays as the hospitals were forced to switch to manual processing systems.
Since then, cyber attacks on hospitals and health-care facilities in the country have been on a worrying increase, as hospitals continue to work under strain during the Covid-19 pandemic.
Cyber attacks on hospitals and health-care organisations are a global problem, with leading cyber security solutions company Check Point reporting a shocking 45% increase in attacks on hospitals and health-care organisations globally since November.
Cyber criminals are looking for large amounts of money, and fast, and with health-care facilities' urgency to restore services heightened, criminals are taking advantage.
In September it was reported by German authorities that what appears to have been a misdirected hacker attack caused the failure of IT systems at a major hospital in Dusseldorf, and a woman who needed urgent admission died.
These attacks are particularly damaging because any disruption to hospital systems could affect the ability to deliver care and endanger life.
Criminals are specifically and callously targeting the healthcare sector because they believe hospitals are more likely to meet their ransom demands.
South African IT expert, Anna Collard from KnowBe4 Africa, says South Africa’s hospitals and healthcare facilities are among the most vulnerable in the world.
“Globally the healthcare industry was one of the areas most affected by cybercrime last year, and South Africa experiences similar cybersecurity trends,” said Collard.
“What makes things worse for us is that South Africa's healthcare institutions are among the most vulnerable possibly due to a lack of local cyber security skills, low levels of awareness and underfunding.”
“Sendmarc, a security firm, conducted a cyber security analysis of 219 e-mail domains used by South African hospitals, clinics, laboratories, treatment and medical practitioners, which showed the majority of the healthcare institutions have vulnerabilities that can be easily exploited by cyber criminals.”
Healthcare facilities in the country are mostly being hit by ransomware attacks which, according to Collard, are incredibly dangerous.
“Ransomware is a nasty form of malicious software that uses encryption technology to hold data at ransom.”
“The keys to decrypt the data are only released upon receipt of the ransom, typically via cryptocurrency. Ransomware is typically spread via phishing attacks or can also be downloaded from infected websites.”
“Ransomware will continue to get worse, leveraging data exfiltration and stolen employee passwords to force victim organisations to pay.
“A good backup and tested restore will no longer be enough to prevent the ransom from being paid.
“Criminals have started applying a form of double extortion, whereby they threaten victim organisations to release their sensitive data to the media / underground unless they pay up.”
IT expert Danny Myburgh, of Cyanre, a leading provider of computer forensic services in South Africa, says he is aware of a number of South African hospitals that have been attacked by cyber criminals.
However, a non-disclosure agreement didn’t allow Myburgh to disclose which hospitals have been hit in the last few months.
Myburgh has, however, said that these cyber attacks have the potential to drastically affect patient care.
“What is worrying within the medical environment is the fact that if the hackers encrypt patient information it could mean that your medical records are not available and that could have devastating effects,” said Myburgh.
“If medical information such as what medicines you have been supplied with, what conditions you have, what allergies you have, is not readily available, it could prolong your treatment, or worst-case scenario lead to your death.
“Also if information such as what medicines are available and blood supplies for patients are not available it could be devastating.”
Myburgh says they have also noticed a worrying trend in the last few months where hackers are accessing information and copying it out, which they could possibly release to the public.
“What we are noticing over the last few months in South Africa is that hackers are copying client information out. So a patient's HIV status could be used and put out in the public.
“Also if a hacker does gain access to medical information, nothing is preventing them from making changes to records.
“For example, if they really want to be malicious, they can change your blood type and hold the hospital ransom.”
Paul Grapendaal, head of managed services at Nclose, said they were aware of a threat of cyber attacks on hospitals in the country.
“Attackers are well aware that should they be able to compromise health-care organisations, the urgency to restore services is heightened, so they are more likely to demand higher ransoms and be paid quicker,” said Grapendaal.
Grapendaal says there are a number of measures hospitals and healthcare organisations can take to protect themselves from cyber attacks.
“The best defensive action an organisation can take is to ensure that all vulnerabilities within their environment are patched.
“Priority should be given to those vulnerabilities which are actively being used by active ransomware.”
“This is especially true for any servers that contain sensitive or business critical data. Due to the current requirement to have a remote workforce, VPN, RDP and Citrix gateways are most vulnerable and should be patched and secured.
“Clients should ensure they have adequate security controls in place to provide layered protection against any threat.
“Business or healthcare organisations should attempt to isolate critical systems from the rest of the environment where possible and minimize who has access to what systems and information.”