Doctors outraged as ransomware attack on NHLS delays test results, puts lives at risk
The ransomware attack on South Africa’s National Health Laboratory Service (NHLS) computer system took a turn for the worse this week. On Saturday 22 June the country’s central lab suffered a cyber attack, which will severely delay the processing of millions of blood tests.
A man with a thick eastern European-sounding accent called this journalist on Tuesday after Health-e News published a story detailing the fatal impact that three weeks of no blood test results will have. The man, who described himself as “the middleman”, said all related patient deaths would be “on the NHLS for not engaging”. He urged its leadership to use the link provided by the “black suit” ransomware crew to start negotiations, bemoaning the existing “one-week delay already”.
Ransomware is malicious software that hackers use to block access to a database or computer system, typically by encrypting its data, with the threat of publishing or deleting the data unless a ransom is paid.
The caller refused to identify himself or where he was calling from. He said, “we have read your article. We do not want any human casualties. The NHLS was given an opportunity to solve this problem and foolishly tried to withdraw the server data. By entering into the chat link provided by the hackers we can revoke everything in a couple of hours and restore the data. Otherwise, it will all be deleted and the costs to them will run to several million Euro. The NHLS is acting like a child. They should first of all start the negotiation. Without the hackers, they won’t solve the problem. Over one terabyte of data can be released – or deleted,” he added.
Health-e News shared details of the exchange with NHLS CEO Professor Koleka Mlisana. She revealed that a man with a similar accent called two of her junior staff last Friday, asking them to convey similar sentiments to their seniors. She confirmed that half a dozen Hawks detectives visited the NHLS headquarters on Monday. State Security operatives are scheduled to see her on Friday.
Similar ransomware attacks have recently happened in the UK and the US, targeting the healthcare sector. Mlisana says Russian hackers are suspected.
“We have to be careful what we report now because our country is taking on the probe,” she said before asking for the caller’s number. Callbacks to the number remained unanswered.
Patients worst affected
Earlier Mlisana told Health-e News it would take three weeks for the computer system to be restored. The downtime – extended by cyber security experts building in sophisticated new anti-hacking programmes – means the NHLS will be unable to process 6,3 million blood tests, leaving people undiagnosed and risking lives.
A senior specialist in a Western Cape tertiary hospital says he’s “incendiary with rage,” at the lack of effective communication by the NHLS, which he described as “just another monumental failure of a state-owned enterprise – unable to protect itself like banks and other big companies do in the private sector”.
He admits that his anger was partly driven by him and his colleagues trying to save the life of a 12-year-old girl in high care, suffering from a condition where a simple blood test result could lead to a successful intervention.
He says similar dramas would be playing out across the country, especially in non-tertiary hospitals that had no on-site labs to process emergency blood tests within 24 hours.
Mortality and morbidity from the crisis would be “incalculable”, he says, because linking deaths to a lack of blood results was a “long term metric that will only show up in six months’ time – like we saw with COVID”.
“The poor lab staff are falling apart, they’re completely overwhelmed with manual tests. Us doctors have to wait in long queues or call a phone number where you are, say, 300th in the queue.”
The NHLS explains that lab reports are usually generated automatically and sent to the doctors or made available on web view. But the hack has disabled this function.
Both he and his Johannesburg tertiary hospital colleagues told Health-e News that the lack of blood test results had rendered their internal clinics dysfunctional or non-operational while patients were piling up in wards.
“This week we went through the entire clinic [day] without knowing what to do with a single patient. You multiply that with every chronic patient looking for blood results, or viral loads, and it’s an unmitigated disaster. It feels like we’re practicing medicine in the 80’s and 90’s or sending stuff down to the local herbalist to crush up some foxglove,” he quips.
“Yes, shit happens, but goodness me, to go ten or 11 days with no bloods or a contingency plan from the NHLS – that’s unacceptable.”
Emergency measures
Mlisana says emergency blood tests are being prioritised with high-risk tests being grouped together while the computer system is re-engineered to avoid future hacks – the main reason for the long delay.
Health-e News learnt that the Western Cape, Gauteng (helping the Free State) and KwaZulu Natal have pivoted to a somewhat dated “Single Patient Viewer” system that collates the medical histories of patients into a single personal electronic file. This enables doctors to, at least, base decisions on previous blood work done, with a link to pharmacies.
Incoming health minister, Dr Aaron Motsoaledi, says he’s heard about the NHLS computer hack “in passing” from his predecessor, Dr Joe Phaahla. But he knows very little besides what he’s read in the news.
“Obviously I’ll prioritise it. I’ve just met my DG and am due to meet my staff tomorrow [Thursday]. It’ll be one of the things I put on the agenda. It’s not fair to ask me to respond now,” he says.
Russel Rensburg, divisional director of the Rural Health Advocacy Project at the Wits Health Consortium, says that with the Public Finance Management Act it was “virtually impossible for the NHLS to follow the same route as the banks and big companies”.
“You don’t hear about it, but they (banks) pay up when it comes to ransomware and then upgrade their systems. It’s more cost-effective. The question to ask of the NHLS is, has there been enough investment in cyber security, and how do we make backup tests work better? Do the six central hospitals have a direct, shared line to the NHLS? Pointing fingers and apportioning blame won’t get us anywhere. We need a plan for what we do now.”
He says that, as with COVID, the private sector would “not just donate their (blood and pathology) services – plus their systems are different. Perhaps the health minister must call them and work out how we can use our joint capacities to work in a unified way – and explore interoperability with offsite backup by the private labs.”
Mlisana said she was in “early talks” with private laboratories. – Health-e News
Author
Chris Bateman is a veteran healthcare writer, having served as News Editor at the SA Medical Journal from 2000-2016, after which he went freelance. He has won seven Discovery Health annual journalism awards (Commentary and Analysis and Best Publication categories). His earlier career was in newspapers, mostly on the Cape Times (17 years), where he reported daily from the townships during the late 80’s struggle years. In 1992 he was posted to London as Group Correspondent for the then Morning Group of Newspapers, returning to help cover the 1994 elections, after which he covered the Western Cape and national legislatures. He had a short stint in radio and television. A fluent Nguni speaker, he grew up in deep rural KwaZulu Natal. See www.thrive2write.co.za
This work is licensed under a Creative Commons Attribution-NoDerivatives 4.0 International License.
by Chris Bateman, Health-e News
July 4, 2024