The National Health Laboratory Service (NHLS) has shut down its IT systems following a breach over the weekend.
Its emails, website, and system for retrieving and storing patients’ lab test results are offline.
Based on a memo from NHLS chief executive officer Prof Koleka Mlisana, the intrusion caused damage, suggesting the NHLS suffered a ransomware infection or similarly destructive attack.
Ransomware attacks typically involve encrypting the victim’s data and extorting them for a decryption key.
Attackers also often exfiltrate sensitive data and threaten to leak it online unless you pay.
The NHLS is South Africa’s diagnostic pathology service for public healthcare facilities, comprising a network of 265 laboratories.
It was created in 2001 by merging several institutions into a single entity.
Its subsidiaries and divisions include the National Institute for Communicable Diseases, the National Institute for Occupational Health, the National Cancer Registry, and the South African Vaccine Producers.
South Africa is currently in the midst of a Mpox outbreak. In March, the NHLS was also still facing a significant backlog in toxicology tests.
NHLS staff were informed about the attack in Mlisana’s memo.
“I regret to inform you that our IT systems are unavailable due to a suspected incident that occurred over the weekend,” Mlisana stated.
“This incident compromised the security of our IT infrastructure. We are treating this matter with extreme urgency and concern.”
Mlisana said they have deployed their Incident Response Team to handle the issue.
“This team is working around the clock to determine the scope of the intrusion and deploy the required safeguards to secure our systems and data,” she said.
“Fortunately, our Oracle environment and Trakcare database are not affected, but the entire environment has been shut down to prevent further damage.”
Mlisana said she appreciated that the news may raise concerns.
“Please rest assured that our priority focus is on data security. We are determined to solve this issue swiftly and transparently,” she said.
“We will provide you with regular updates as we learn more about the compromise and our continuing response activities.”
In response to the attack, the NHLS has implemented its “Downtime Protocol” to ensure the necessary resources are made available to address the situation.
“I want to take this opportunity to thank you in advance as we all put in our efforts to ensure that disruption to our services is minimised,” said Mlisana.
She said they must prioritise patients’ samples and processing with results directly communicated to clinicians whenever urgent, as well as printed and distributed manually.
The NHLS falls under the National Department of Health and a spokesperson for the department told MyBroadband they had been informed about the incident.
“They are working around the clock to address it and have called for patience as they are working to resolve this,” the Department of Health said.
Add Comment