Ransomware makes public hospital patients wait even longer for lab results

  • The laboratory services for all of South Africa’s public hospitals are still recovering following a ransomware attack it suffered in late June.
  • The attack locked employees out of vital databases and digital communication services.
  • Because of this, huge delays are expected for the relaying of lab results, with urgent results having to be given telephonically.

The laboratory services of public hospitals in South Africa, the National Health Laboratory Service (NHLS), says that it is still struggling to issue results for tests to people following a ransomware attack it suffered in late June.

This includes results for blood tests, and results that screen for diseases like tuberculosis (TB) and HIV/AIDS, among others.

Following the attack, the NHLS said in a statement that a “ransomware virus was utilised to target selected points in the NHLS IT systems, rendering them inaccessible and blocking communication from the laboratory information system and other databases to and from users.”

“All users will be aware that the NHLS networked laboratory system is heavily reliant on these information technology systems that have been disrupted,” it added. The attack did not affect the actual laboratories of the NHLS, which number around 265, but rather the digital systems it uses to collect data from tests and issue communications.

On Thursday, the NHLS said that its systems were still reeling from the attack as the virus disabled several key systems in the process of relaying lab results to patients via their doctors. Now, non-urgent tests are facing delays, while urgent test results are being communicated telephonically.

“Under normal circumstances, the laboratory reports are automatically generated and sent to clinicians or made available on WebView, this incident has disabled that functionality. However, all urgent results are communicated telephonically to requesting clinicians,” the NHLS said in a statement.

Telephonically communicating results to doctors at hundreds of hospitals across the country creates problems of its own, especially as it is only one entity, the NHLS itself, that is doing the communicating.

The NHLS is now trying to implement alternative methods to issue lab results as quickly as it can. One of these methods is the rolling out of a critical test list to all public health facilities. With the most critical tests receiving the most urgency and attention from the service’s staff.

“This is done to limit the volume of test requests, allowing laboratories to cope with the workload. However, this does not imply that routine tests will not be performed,” it explained.

Adding, “More tests, prioritising those on the critical test list, will be made available. In addition, we are in the process of developing an electronic registration system for registering new samples and providing test results electronically. Access to laboratory results will be the same as the historical TB and HIV viral test results.” 

The Transnet 2021 ransomware attack all over again

The NHLS says that it is moving with “utmost urgency” to reduce the impact of the attack, and that it “endangered the safety and well-being of millions of public health patients.”

It is likely the most significant cybercrime incident to affect a government institution since the 2021 Transnet ransomware attack that left all of South Africa’s ports inactive for about a week.

Ransomware attacks usually seek to block access to vital digital services, such as locking users out of apps and systems and often include threats of leaking private data or secret information stolen from these same systems, unless victims pay a ransom to attackers.

This ransom is usually in the form of a cryptocurrency payment, which is untraceable.

The NHLS nor the Department of Health have indicated any more information about the attack itself, such as if a ransom was demanded, who the threat actors were, or even how the virus managed to get into the NHLS system in the first place.

Most of the time, ransomware viruses are able to infiltrate systems via social engineering attacks. The most common is that an employee will download a file containing the virus believing the file to be something else. If the employee is connected to the system, even through their own personal computer at home, attackers can find their way to important information and systems of the company in minutes through the virus.

Cybercrime prevention educators and companies have, for years, begged both private and public organisations locally to invest more in cybercrime education for employees, especially in practices that could have prevented a social engineering attack.

[Source – SA News]

[Image – Photo by National Cancer Institute on Unsplash]


About Author


Related News