“BlackSuit” behind attack on critical South African healthcare service

National Health Laboratory Service (NHLS) CEO Koleka Mlisana has revealed the names of the attackers behind a security breach that forced the company to shut down its IT systems.

Speaking to Rapport, Mlisana said there was a message in which the cyber attackers identified themselves as BlackSuit.

She emphasised that the NHLS has not and will not communicate with the cyber attackers who used ransomware similar to that used in an earlier attack in the UK.

The CEO says cyber specialists are working around the clock to stabilise the system and remove harmful viruses.

She added that large portions of data had been erased, including backups, and there are signs that BlackSuit could still be active within the NHLS’ systems.

Mlisana said there is no evidence that patient data has been erased, adding that cyber specialists have added further layers of security to prevent more damage.

The NHLS shut down its IT systems due to a cyber attack over the weekend of Saturday, 22, and Sunday, 23 June 2024.

This included emails, its website, and the system used to retrieve and store patients’ lab test results offline.

Mlisana said the attack caused damage, indicating a ransomware infection or another equally damaging attack.

In the case of ransomware attacks, the victims’ data is typically encrypted to extort a ransom in return for a decryption key.

Attackers also exfiltrate data with the threat of leaking it online to encourage payment.

The NHLS has a network of 265 diagnostic pathology laboratories servicing South African healthcare facilities.

NHLS staff were informed about the attack in Mlisana’s memo.

“I regret to inform you that our IT systems are unavailable due to a suspected incident that occurred over the weekend,” she said.

“This incident compromised the security of our IT infrastructure. We are treating this matter with extreme urgency and concern.”

She added that the NHLS had deployed its Incident Response Team to manage the issue, adding that its Oracle environment and Trackcare database were unaffected.

“This team is working around the clock to determine the scope of the intrusion and deploy the required safeguards to secure our systems and data,” said Mlisana.

She said the NHLS was determined to solve the issue swiftly and openly.

Mlisana said the NHLS implemented its “Downtime Protocol” in response to the attack.

“I want to take this opportunity to thank you in advance as we all put in our efforts to ensure that disruption to our services is minimised,” she said.

The NHLS is part of the National Department of Health, and a spokesperson told MyBroadband that the department had been informed about the incident.

“They are working around the clock to address it and have called for patience as they are working to resolve this,” it said.

Latest news

Partner Content

Show comments


Share this article
“BlackSuit” behind attack on critical South African healthcare service