
NHI’s centralised nature is a major cyber risk

  • The NHI will live and die on the electronic health record it uses.
  • Such a system would be a tempting target for cybercriminals looking to execute a massive breach.
  • Calin Cloete, Enterprise Security Solutions Lead at ESET Southern Africa, recommends that the record be built with a zero-trust approach to security.

During the State of the Nation Address earlier this year, President Cyril Ramaphosa announced that government would begin work this year to establish the National Health Insurance (NHI) scheme.

Part of this includes setting up a centralised electronic health record through which the medical data of citizens would flow to hospitals, doctors’ rooms and other areas of the healthcare system. Unfortunately, such a system could be a tempting target for cybercriminals and a disaster for citizens if their data is compromised.

As such, Calin Cloete, Enterprise Security Solutions Lead at ESET Southern Africa, recommends that security form the foundation of such a system's development.

“The interconnected nature of an EHR [electronic health record] means that a security breach in one part of the network can potentially compromise the entire healthcare infrastructure. A proactive zero-trust approach can significantly reduce risk of data breaches and enable the NHI to quickly adapt to evolving threats,” Cloete says.

One way to secure this EHR would be to adopt a zero-trust security policy. A zero-trust approach to security entails – as the name suggests – requiring authentication from every user or device, whether inside or outside the network. This would require that multi-factor authentication and role-based access control be baked into the system from the get-go.

“Essentially, the idea is to divide the network into very small segments – each with its own tight access control – and ensure that users only have access to the data they need to perform their duties. This limits the ‘blast radius’ of any potential breach. So, if one segment is breached, the attacker cannot easily move to other parts of the network,” the security solutions lead explains.
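To make the zero-trust and segmentation idea concrete, here is an added sketch (not from the article, ESET, or any NHI system) of a default-deny access check and the resulting "blast radius" of one compromised account. The segment names, roles and the `Request` fields are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed example data: hypothetical EHR segments and the roles allowed in each.
SEGMENT_ROLES = {
    "patient-demographics": {"receptionist", "nurse", "doctor"},
    "clinical-notes": {"nurse", "doctor"},
    "prescriptions": {"doctor", "pharmacist"},
    "lab-results": {"doctor", "lab-tech"},
    "billing": {"billing-clerk"},
}

@dataclass(frozen=True)
class Request:
    user: str
    role: str
    segment: str
    authenticated: bool         # user credential verified for this request
    mfa_passed: bool            # second factor verified
    device_authenticated: bool  # device identity verified
    on_internal_network: bool   # recorded, but never used to grant access

def authorize(req: Request) -> tuple[bool, str]:
    """Default deny. Every request is checked; network location earns no trust."""
    if not req.authenticated:
        return False, "user not authenticated"
    if not req.mfa_passed:
        return False, "multi-factor authentication required"
    if not req.device_authenticated:
        return False, "device not authenticated"
    allowed_roles = SEGMENT_ROLES.get(req.segment)
    if allowed_roles is None:
        return False, "unknown segment"
    if req.role not in allowed_roles:
        return False, "role not permitted in this segment"
    return True, "ok"

def blast_radius(role: str) -> list[str]:
    """Segments exposed if a fully authenticated session of this role is stolen."""
    return sorted(seg for seg, roles in SEGMENT_ROLES.items() if role in roles)

if __name__ == "__main__":
    inside_no_mfa = Request("thabo", "doctor", "clinical-notes", True, False, True, True)
    print(authorize(inside_no_mfa))      # denied although the request is "inside"
    print(blast_radius("receptionist"))  # one segment, not the whole record
```

In a flat network the same stolen receptionist session would reach all five segments; under the per-segment policy it reaches one.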

However, as we are well aware, the most vulnerable part of any system is the squishy human sitting in front of the computer. The people who interact with the NHI’s record system will need to undergo continuous cybersecurity training in order to avoid phishing attacks, social engineering and insider threats.

Even then, though, there is the potential for a breach to occur because of human error, so it’s vital that the record system be designed in such a way that a breach doesn’t topple the entire system.

We recognise that POPIA will dictate how secure this system needs to be, but to date, enforcement of this legislation has been woeful, and that’s a generous description. To date, the Information Regulator has published seven enforcement notices (of which two are repeats), which is laughable considering how many breaches happen every month in South Africa.

Besides, relying on the Information Regulator to keep the NHI secure isn’t exactly a good idea when a breach could immediately have an impact on a citizen’s health.

“The NHI will generate and store a massive volume of sensitive information. This data is extremely valuable, and for cybercriminals, that means it’s particularly lucrative. At the same time, any changes to patient data can impact their treatment, which puts lives at risk,” explains Cloete.

The fact of the matter is that as expensive as the NHI is going to be, setting up the systems that drive the NHI is going to be just as costly. That’s a concerning thought given that for all its scraping and searching, the National Treasury had to resort to a VAT increase to find the funds it needs for its annual budget.

There is a lot of work to do before all South Africans have access to good healthcare. How long that work will take is the question that will determine when South Africa will see the realisation of National Health Insurance.
