
The Information Regulator of South Africa has requested details on the security measures in place at the National Health Laboratory Service (NHLS) during a cyberattack in July 2024.
Regulator spokesperson Nomzamo Zondi clarified that the investigation focuses on NHLS’s compliance with the Protection of Personal Information Act (POPIA), not the attack itself.
NHLS must inform affected individuals and provide the following:
- Potential consequences of the breach;
- Measures taken to address the security compromise;
- Recommendations for affected individuals to take to mitigate the effect of the incident;
- Identity of unauthorized persons who may have accessed the data, if known;
- Confirmation of prior security measures.
“We have sent NHLS a request for information, which they have responded to. We are reviewing their response to determine further action,” Zondi said.
The attack occurred in June 2024 when an NHLS employee clicked a phishing link, allowing the BlackSuit ransomware syndicate to encrypt patient data.
While patient records on a separate server remained secure, the attack disabled the TrakCare laboratory information system, preventing doctors from accessing test results electronically.
NHLS Acting IT Executive Manager John Mukomana admitted the service lacked cybersecurity measures. “We were unable to update our systems or apply security patches,” he said.
Since the attack, NHLS has allocated R300 million to strengthen IT security, including:
- R15 million for security operations over three years;
- R28 million for new desktops and laptops;
- R164 million for enhanced security infrastructure over five years;
- R94 million for upgrading the data warehouse.
“We need to improve governance structures and take IT security more seriously,” Mukomana added.
The NHLS acknowledged a shortage of cybersecurity skills at the executive level contributed to its vulnerability.
Source: Daily Maverick