It’s going to take at least three weeks for the National Health Laboratory Service (NHLS) system to be restored following the cyber attack on June 22, 2024, claimed the institution in a statement released on July 3.
The extended downtime means NHLS remains unable to process 6.3 million blood tests, leaving people undiagnosed and their lives at risk. The NHLS runs 265 laboratories across South Africa that provide testing services for public healthcare facilities in the country’s nine provinces. The attack also meant that tons of data from NHLS business operations, employee data, patient data, and more is now in the hands of ransomware attackers.
Ransomware is a type of malicious software (malware) that encrypts the files on a victim’s device, rendering them inaccessible. The attackers then demand a ransom payment from the victim in exchange for the decryption key needed to unlock the files.
Most of the country’s public health facilities don’t have their own laboratories to run blood tests. Instead, these facilities send samples to the NHLS. Test results are then automatically generated and sent to clinicians or made available on web view. But the data breach has blocked this communication system.
CEO of NHLS, Professor Koleka Mlisana, says the entire system is unavailable to users nationwide, ruling out electronic sample testing, access to documents in the laboratory information system and emails.
“We can’t register new samples; we’re doing that manually. We also can’t get results loaded after analysis. We’re now printing the manual results out, attaching them to request forms and phoning these out,” she explains.
Delayed blood test results, or no access to results, means that diagnosis, treatment and, sometimes, life-saving decisions, simply cannot happen.
Hundreds of essential operations country-wide will also be cancelled as blood tests are critical to check whether liver function is normal and to detect any risk-increasing comorbidities.
Only emergency blood tests are being done manually at tertiary hospitals – a time-consuming, laborious process.
Mlisana says a team of information and network technicians at NHLS are working flat out to rebuild, refix, and clean up both hardware and software to establish a clean operating environment under the guidance of a cyber-security specialist.
“A top priority is to build in enhanced security features to reduce the chances of a second ransomware hack (a common occurrence globally). But this unfortunately means extended downtime,” she said.
“Everything is shut down with nothing coming in or going out. Only the IT people can say how long this will take. But their preliminary assessment is that we’re probably looking at the next two to three weeks.”
She also added that to get a usable system up and running, the IT crews needed to “map everything we have and then put it on a separate server. It looks like we might have something by early next week, which will make a huge difference to our operations.”
Mlisana says she was in talks with a few private laboratory groups, but nothing has come of it so far.
“We’d need to negotiate prices and a modus operandi, plus who bears the cost. So, we’re doing this in tandem with repairs and monitoring the volume flow. I know clinicians are very frustrated, but we’re doing our best,” she says.
Foster Mohale, the National Department of Health spokesperson, said that a criminal case has been opened because the attack is considered a threat to state security.
