Ransomware attack on blood-testing service puts lives in danger in South Africa

A ransomware attack against South Africa's National Health Laboratory Service (NHLS) has put lives at risk and created chaos for healthcare services across the country.

On June 22, the BlackSuit ransomware group hit NHLS, leaving it unable to process millions of blood tests. This means serious conditions have been left undiagnosed and lives endangered. This included details of tests that screened for diseases like tuberculosis and HIV/AIDS, as well as the mpox (also known as monkeypox) outbreak that is currently impacting parts of Africa.

NHLS, which runs a network of 256 laboratories, shut down its IT systems following the security breach. It took its email system, website, and systems for retrieving and storing patients' lab test results offline.

The disruption has caused huge delays for healthcare professionals waiting for patients' lab results. As a consquence, the most urgent test results have had to be shared over the telephone rather than electronically.

According to media reports, hundreds of essential operations have been cancelled due to the lack of blood tests.

"We can't even register patients on the system or send emails," a haematologist told Health-e News. "It's affecting casualty wards and people are dying."

Over 6.3 million blood tests are thought to be unprocessed, meaning major operations have been postponed.

Police in South Africa and data regulators have been informed about the attack, for which the BlackSuit ransomware gang has taken credit.

Someone with a "thick Eastern-European accent" who claimed to be a middle-man for the BlackSuit ransomware gang has called journalists and NHLS staff members demanding a ransom payment and denying that the group had any intention to cause casualties:

"The NHLS was given an opportunity to solve this problem and foolishly tried to withdraw the server data. By entering into the chat link provided by the hackers we can revoke everything in a couple of hours and restore the data. Otherwise, it will all be deleted and the costs to them will run to several million Euro. The NHLS is acting like a child. They should first of all start the negotiation. Without the hackers, they won’t solve the problem. Over one terabyte of data can be released – or deleted."

Professor Koleka Mlisana, the CEO of NHLS, has pledged that some of its services will be back up and running by mid-July.

Past victims of the BlackSuit ransomware gang include East Central University, CDK Global, schools in the US state of Georgia, and even a zoo.