Tag: cyber security

Healthcare Under Attack: Why Cybersecurity is now Critical Care

Photo by Nahel Abdul on Unsplash

By Kerissa Varma, Microsoft Chief Security Advisor, Africa

Africa’s healthcare sector is facing a silent emergency. Many healthcare operators, facilities and doctors across Africa already grapple with the challenges of under-resourced environments, an uneven distribution of resources and massive demand for services. Now, healthcare administrators must turn their attention to a relatively new and extremely urgent concern. While doctors fight to save lives, cybercriminals are infiltrating hospitals, laboratories, and clinics, turning life-saving environments into digital battlegrounds.

A growing epidemic

World Health Organization director-general Tedros Adhanom Ghebreyesus noted that the digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals, commenting that “At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death.”

Recent attacks have exposed the fragility of Africa’s medical infrastructure. In May 2025, Mediclinic Southern Africa was hit by a cyber extortion attack, compromising sensitive HR data. Later in 2025, Lancet Laboratories faced a regulatory penalty for failing to notify patients about data breaches under South Africa’s POPIA law, while a ransomware strike on the National Health Laboratory Service disrupted blood test processing nationwide, delaying critical care for millions.

M-Tiba, a Kenyan digital health platform managed by CarePay and backed by Safaricom, suffered a significant cyberattack and data breach in late 2025, while earlier this year Pharmacie.ma, a Moroccan pharmaceutical platform, was reportedly the target of an alleged data leak incident that allegedly involved the unauthorised export of a customer database. And recent research indicates that Nigeria’s private healthcare sector is now one of the most targeted on the African continent, with attacks increasing at an alarming rate.

Many incidents also go unreported, as hospitals and healthcare facilities rarely disclose them publicly. Yet these incidents are not isolated, and ransomware dominates the threat landscape. Africa’s healthcare sector is heavily targeted by cybercriminals, with healthcare organisations facing an average of 3575 weekly attacks in 2025, a 38% surge from the previous year. Encryption of patient data, temporary loss of access to hospital systems and the risk of data appearing on the dark web are cited as potential impacts.

Why healthcare is a prime target

The healthcare industry in Africa, particularly in the public sector, is working with legacy systems, fragmented infrastructure, and underfunded IT teams, all of which combine to make the sector an easy target for unscrupulous bad actors.

Many medical institutions are adopting open-source AI tools for diagnostics and patient management. While cost-effective, these platforms often lack enterprise-grade security, leaving sensitive data exposed. Combined with fragmented storage of paper and electronic patient records – often unencrypted and scattered across multiple systems – the risk of breaches multiplies.

Hospitals and healthcare facilities cannot afford downtime. Every minute offline risks lives, making them more likely to pay ransoms in an attempt to regain control of their systems. Cyber insurers indicate that in 2 of 5 cases of a ransom being paid, data and operations still cannot be recovered. Additionally, in instances where some or all of the seized data is recovered after paying a ransom, the attacker goes on to request further payments.

Medical records are also a premium target for cybercriminals. In the USA, researchers found that patient records, insurance details, and research data fetch premium prices on the dark web – up to 10 times higher than financial data, according to cybersecurity analysts. A single stolen medical record can sell for $260–$310, compared to $30–$50 for a credit card, because unlike credit cards, medical records never expire and medical information cannot be easily changed, making it useful for years. Medical records frequently include personal identifiers, insurance details, and sometimes biometric data, enabling identity theft and fraud, while criminals use medical data for fake insurance claims, prescription fraud, and targeted scams. Microsoft believes cybersecurity needs to be embedded into every technology implementation. This should be a key priority, especially with sensitive medical data and operations.

How healthcare can use modern technology safely

As Africa’s healthcare systems digitise and embrace AI, protecting the digital lifeline must become as critical as protecting the physical one. Key steps can secure the systems of healthcare organisations and of facilities such as laboratories and diagnostic services.

Include cybersecurity in your resilience planning

Medical professionals and healthcare facilities often prioritise the resilience of physical capabilities. Power backups, multiple devices should equipment fail, and a standby roster in the event of a practitioner being unavailable are all practices that save lives. Equally, cybersecurity and the safeguarding of online systems need to be built into the overall resilience planning of medical facilities and services.

Investing in cybersecurity technology that can quickly identify and contain attacker activity before it leads to system downtime or data theft can save lives. Having a response plan that is practiced and maintained in the event of a cyber breach and ensuring strong data backups could mean the difference between a total failure of health services or a minor incident. Ensuring incident response plans are aligned with local compliance laws such as South Africa’s POPIA, and Kenya and Nigeria’s Data Protection Acts is critical for healthcare providers to meet both their resilience and compliance objectives.

Prepare for AI-driven attacks that are going to increase attacker speed and success

Threat actors are increasingly exploiting the interconnectedness of modern software ecosystems and operational structures to conduct malicious activity, so regular auditing of third-party integrations, especially those involving AI or cloud services, is critical.

Adversaries are using AI to scale and tailor operations, with AI-driven phishing being 4.5x more effective than traditional phishing. However, in equal measure, AI is transforming cyber defence – it automates response and containment, detects threats faster and more accurately, and identifies detection gaps and adapts to attacker behaviour. Healthcare organisations should invest in AI-driven threat detection for faster response and anomaly detection and must also take steps to secure AI models and data pipelines by implementing robust access controls, vulnerability scanning, and regular patching for open-source tools.

Remote and wider access to patient records requires strong identity practices

As both patients and medical professionals start accessing patient records digitally, strong means of identification, verification and authentication are critical. The Microsoft Digital Defense Report 2025 notes that the abuse of valid accounts is a frequent occurrence, with malicious actors gaining access to user credentials (usernames and passwords) and using them to infiltrate systems without triggering traditional security alerts. Therefore, organisations must deploy phishing-resistant multifactor authentication (MFA) and conditional access to strengthen user defences.

Invest in people and skills

People are at the heart of robust cybersecurity measures, so it is vital to train staff against common tactics such as phishing, which is the most common entry point for attackers, and apply role-based access controls for both clinical and research data to prevent privilege misuse.

Cybersecurity is no longer an IT issue – it’s a patient safety issue. Healthcare services and providers must treat digital resilience with the same urgency as infection control. By investing in comprehensive cybersecurity strategies and leveraging AI-powered defences, Africa’s healthcare sector can position itself as a crucial front line against emerging threats and help build stronger, more resilient digital ecosystems.

Opinion Piece: Business Continuity and Data Management – a Life-or-death Situation in Healthcare


By Hemant Harie, Group CTO at DMP SA / Gabsten Technologies

Ransomware attacks are a growing concern for healthcare facilities worldwide, with attacks wreaking havoc, including encrypting complex patient records, cancelling appointments, delaying life-saving surgeries, and even rerouting ambulances. The critical nature of healthcare services, combined with the sensitive personal and medical data they handle, makes hospitals and healthcare providers a prime target for cybercriminals.

When these systems are compromised, the impact is severe, jeopardising patient safety, disrupting service delivery and causing financial strain. It has become imperative for healthcare facilities to adopt more robust cybersecurity measures, including effective data management strategies as part of an overall business continuity approach. Partnering with an expert third-party service provider can assist healthcare facilities in ensuring continuity of care and business operations even in the face of cyberattacks.

Attractive targets with unique vulnerabilities

Digital transformation within the healthcare space, while vital for improving patient care, can also introduce significant cybersecurity risks. Many hospitals and healthcare facilities are at different stages in their digital transformation, and legacy infrastructure is a common challenge, alongside immature cybersecurity posture and processes, making them more susceptible to attacks.

Cybercriminals often target these systems because they handle vast amounts of sensitive data, including Personal Health Information (PHI), which is highly valuable on the black market. In addition, these facilities often lack the dedicated IT and cybersecurity specialists they need to adequately defend against or recover from ransomware incidents.

The nature of information housed within healthcare and the consequences of a breach mean the stakes are high. This, combined with the fact that healthcare facilities are legally bound by regulations such as the Protection of Personal Information Act (PoPIA), Health Insurance Portability and Accountability Act (HIPAA) and General Data Protection Regulation (GDPR) to protect this information, means potential breaches could have catastrophic consequences.

The impact of ransomware on healthcare

Ransomware attacks can have devastating effects on healthcare organisations, leading to significant downtime that directly threatens patient care. Operations may be postponed or cancelled, disrupting treatment schedules and putting patients’ lives at risk. Additionally, the exposure of PHI can result in severe legal and ethical repercussions, including costly regulatory fines and lawsuits. Financial losses also extend to ransom payments, the cost of recovery, and reputational damage, all of which can linger long after the attack is resolved.

Moreover, a ransomware attack on one healthcare facility can damage the reputation of the entire network, as trust is critical in healthcare. Patients may be less likely to seek care from a hospital they perceive as insecure, leading to long-term financial and operational challenges.

Data management mitigates ransomware risks

To effectively combat ransomware, healthcare organisations must prioritise data management and cyber resilience. This starts with classifying and understanding the types of data being processed and stored, such as medical records, surgical files, and other critical patient information. Once this data is properly categorised, healthcare facilities can implement security controls that ensure the integrity and availability of the data.

Regular, automated backups stored offline are essential for mitigating ransomware risks. These backups allow facilities to restore their systems quickly without paying a ransom, minimising downtime and ensuring continuity of care. In addition to regular backups, hospitals should adopt advanced security measures such as multi-factor authentication, firewalls, and intrusion detection systems to safeguard against unauthorised access.

An expert partner enhances data management and security

Third-party service providers offer critical expertise and comprehensive solutions that healthcare organisations may lack in-house. These providers specialise in data management, backup, and disaster recovery, ensuring that hospitals have access to the latest technologies and best practices for defending against cyber threats. These experts bring valuable experience from handling multiple cyber incidents across various sectors, which can inform and improve the healthcare facility’s own data management practices. In addition to providing technical expertise, third-party providers can offer ongoing education, helping healthcare staff stay informed about the latest cybersecurity threats and recovery processes.

One of the key services offered by third-party providers is automated backup and disaster recovery solutions. These services typically include offsite storage, secure cloud options, and regular backups, all of which are vital for restoring data and reducing downtime during a ransomware attack. Offsite storage and cloud solutions also protect data from physical threats like floods or fires, adding an extra layer of security. In addition to traditional backup services, advanced tools can enhance data protection by providing early warning systems and simulating real-time production environments, which allow healthcare facilities to detect and respond to potential threats before they can cause damage. For example, scanning tools can identify which versions of data are clean and free from malware, enabling faster and more effective recovery.

Partnering with a third-party provider ensures that healthcare organisations have access to continuous support and the latest innovations in data protection. These providers not only help mitigate ransomware risks but also assist in compliance with industry regulations and offer scalable solutions to meet the growing needs of healthcare facilities.

As ransomware threats continue to rise, healthcare organisations must take proactive steps to safeguard their systems and protect patient data. Effective data management, including regular backups and disaster recovery plans, is essential for mitigating these risks. By partnering with third-party service providers, healthcare facilities can leverage specialised expertise and advanced technologies to enhance their cybersecurity defences and maintain continuity of care, even in the face of growing cyber threats.

FBI Disrupts Cybercrime Group Which Extorted Hospitals


The Hive ransomware group, which has targeted more than 1500 victims in over 80 countries around the world, including hospitals, has been disrupted in a months-long campaign against it, the US Justice Department has announced.

Hive ransomware attacks have caused major disruptions to victims’ daily operations around the world and hindered responses to the COVID pandemic. In one case, a hospital attacked by Hive ransomware had to fall back to pen and paper to treat existing patients and could not take new admissions shortly after the attack.

The Justice Department revealed that the FBI had penetrated Hive’s computer network and captured its decryption keys, which were then offered to victims around the world. This saved them $130 million in ransom they would have had to otherwise pay to get their networks back.

Finally, the department announced that, in coordination with German and Dutch law enforcement, it has seized control of the servers and websites that Hive uses to communicate with its members, disrupting Hive’s ability to attack and extort victims.

Since June 2021, the Hive ransomware group has targeted more than 1500 victims around the world and received over $100 million in ransom payments.

Hive used a ransomware-as-a-service (RaaS) model featuring administrators and affiliates. RaaS is a subscription-based model where the administrators develop an easy-to-use ransomware strain and then recruit affiliates to deploy the ransomware against victims. Affiliates identified targets and deployed this ready-made malicious software to attack victims and then earned a percentage of each successful ransom payment.

Hive actors used a double-extortion model of attack: before encrypting the victim’s system, the affiliate would steal sensitive data. The affiliate then sought a ransom for both the decryption key necessary to decrypt the victim’s system and a promise to not publish the stolen data – usually the most sensitive, such as hospital patient data. After a victim pays, the affiliates and administrators split the ransom 80/20. Victims who do not pay have their data published on the Hive Leak Site. After Consulate Health Care was unable to pay the ransom, since its insurance did not cover such cyber crimes, Hive posted 550GB of personally identifiable information on its patients and employees online.

More information about the malware, including technical information for organisations about how to mitigate its effects, is available from CISA at https://www.cisa.gov/uscert/ncas/alerts/aa22-321a.

Cyber Attack Cripples Ireland’s Health Services


A “significant ransomware attack” caused widespread disruption to Ireland’s health service, forcing cancellations and blocking services.

Paul Reid, Ireland’s Health Service Executive chief executive, told RTÉ there had been a “human-operated” attempt to access data for a likely ransom. “There has been no ransom demand at this stage. The key thing is to contain the issue. We are in the containment phase.”

Reid said the HSE was working with police, the defence forces and third-party cybersecurity experts to respond to the cyber attack. He apologised to patients and the public for the disruption.

The attack has affected national and local systems that provide core services. However, COVID vaccinations and ambulance services were unaffected.

Several hospitals cancelled outpatient visits or asked patients with appointments to not attend. The Rotunda, a Dublin maternity hospital, said it was experiencing a “critical emergency”, cancelling all outpatient visits save for women over 35 weeks pregnant.

At Cork university hospital, the oncology department was reportedly brought to a halt. The child and family agency Tusla said its IT systems, including the portal through which child protection referrals are made, were offline.

In the US earlier this week, the Colonial petrochemical pipeline was crippled in a major cyberattack by a cybercriminal group called Darkside, resulting in fuel shortages and states of emergency being declared. The pipeline company reportedly paid a ransom fee of $5 million to regain control of its systems.

Master of the Rotunda Hospital Professor Fergal Malone told Morning Ireland that accessing patient records and data was the reason for the cancellations.

There was a backup plan to use an “old-fashioned” paper-based system, he said, but added that “throughput would be much slower” this way.

Malone said the hospital discovered unusual activity in its IT systems at about 2am and later detected what appeared to be a ransomware virus. “We use a common system throughout the HSE in terms of registering patients and it seems that must have been the entry point or source,” he told RTÉ. “It means we have had to shut down all our computer systems.”

However, all patients were safe. “We have systems in place to revert back to old-fashioned record-keeping.” Lifesaving equipment was not affected. “Patients will come in in labour over the weekend and we will be well able to look after them.”

Source: The Guardian