Johannesburg – The National Health Laboratory Service (NHLS) has suffered a ransomware attack that left its servers inaccessible, and some files deleted.
The hacking of yet another public entity happened at midnight on Friday.
In a letter sent to stakeholders on Sunday and seen by The Bulrushes, NHLS CEO Koleka Mlisana said the IT system was experiencing downtime because of a ransomware virus.
“This attack affected our virtual servers and data storage, rendering them inaccessible and some deleted, including the backup data,” said Mlisana.
“This has had an impact on our service delivery because we operate a networked laboratory system that relies significantly on information technology.
“We are conducting a comprehensive investigation to determine the entire extent of the compromise.”
The laboratory service is marred by backlogs, especially toxicology cases, and a shortage of skilled staff.
Mlisana added that the processing of samples is now being done manually.
“We are making all necessary efforts to prevent future incidents and increase our cybersecurity posture,” said Mlisana.
“We have therefore resorted to manually processing all diagnostic samples received by our laboratories.
“Results will be communicated telephonically if urgently needed, the rest will be printed manually and the rest will be manually printed, and healthcare facilities and clinicians.”
In recent months, some government entities, including municipalities, have fallen prey to hackers due to poor IT security and a lack of proper software.
Last year, officials at the Free State’s Moqhaka Local Municipality in Kroonstad were left scrambling after the municipal IT system was hacked and access to data shut off.
The council hired an IT company to physically reload lost data such as residents’ private information.
The Department of Justice and Correctional Services was hacked at least three times since 2021.
More than 1 200 files were lost along with internal documents and private information was compromised in 2021.
In another attack, cyber thieves made off with R17 million from the department’s Guardian Fund.
The fund manages money paid to the Master of the High Court on behalf of heirs of deceased persons who also include minors.
These led to the Information Regulator slapping the department with a R5 million fine under the POPIA law.
In February this year, there was an attempted security breach at the Companies and Intellectual Property Commission, which manages enterprise and intellectual property registrations.
The commission had to shut down its operations to safeguard data.
