Cyber criminals bypass code of ethics with concerted attacks on the world’s healthcare sector

South Africa’s healthcare sector weakened by underfunding, lack of skills and fragmented infrastructure
“There was a time when cybercriminals held off from attacking the world’s healthcare institutions for reasons of ethics. But no more,” says Shayimamba Conco, Cyber Security Expert at Check Point Software Technologies, a global leader in cyber security solutions. Conco’s comments come ahead of World Health Day on Monday, April 7, 2025.
During the first three months of this year, Check Point Research has reported that the healthcare and medical industry experienced an average of 2,309 weekly attack attempts per organisation. This is an increase of 39% compared to the same timeframe last year.
Figures issued in a separate Check Point Threat Intelligence Report over the last six months show that a South African healthcare organisation is attacked on average 1,626 times per week.
“International espionage authorities such as the FBI and INTERPOL have warned for years that threat actors view hospitals and healthcare providers as prime extortion targets,” Conco says.
“The critical nature of healthcare makes it a prime target—where every second of downtime or breach can mean a delay in care, or even worse, a loss of life,” he adds.
Ransomware and phishing are the most prevalent threats, with the former preying on the critical need for timely access to patient data.
According to Conco, data exfiltration and extortion have overtaken encryption-based attacks as the primary ransomware tactics, simplifying operations and maximising payouts.
“The urgency of healthcare services makes providers more likely to pay ransoms to restore access quickly, leading to potential data loss, operational downtime, and significant financial strain,” Conco says.
Compromised patient data, however, can lead to breaches of privacy and security, with long-term consequences for affected individuals. These can include identity theft and other forms of exploitation.
Beyond the ransom itself, the costs associated with recovery, system upgrades, legal fees, and potential fines can be substantial.
“Perhaps the greatest cost is reputational damage,” says Conco. “Trust is critical in healthcare, and a successful ransomware attack can damage an organisation’s reputation, eroding patient trust and potentially leading to a loss of business.”
SA’s Healthcare at a Critical Juncture
South Africa’s own healthcare sector stands at a critical juncture, needing rapid digitisation to address escalating costs, boost efficiencies, and prepare for the impending rollout of the proposed National Health Insurance (NHI) scheme.
Healthcare NGOs, too, have been stung by the recent withdrawal of US funding.
“The healthcare industry is already a prime target for cyber-attacks, and the USAID withdrawal will further amplify the risks in this sector,” Shayimamba says.
The vulnerability of the sector is illustrated by the cyber attack by the BlackSuit ransomware group on the National Health Laboratory Services in June last year, which disrupted lab result dissemination amid an Mpox outbreak. System sections, including backups, were deleted, forcing manual result communication. Despite the attack, labs continued processing samples, but full system restoration took months afterwards.
“It is common to see that many healthcare breaches also begin with phishing, unpatched systems, or misconfigured networks—not complex zero-day exploits. Prevention is entirely possible, but not prioritised,” Conco says.
Broken Hygiene, Broken Systems
“At the root of the crisis is a lack of cyber hygiene. Healthcare organisations often rely on fragmented, outdated infrastructure—a mix of legacy systems and modern tech not designed to work securely together,” Conco says.
Most medical devices are not built with security in mind, and many are not actively monitored by IT teams, so the attack surface is growing faster than traditional means can protect it.
According to Conco, this dynamic compounds in developing countries, where resources are more limited. Reduced budgets mean outdated systems, less staff training, and fewer resources to protect sensitive patient data.
As a result, healthcare institutions in lower-income regions become prime targets for cybercriminals, threatening both care delivery and public trust and perpetuating a vicious cycle of attack and lack of defense.
When Devices That Heal Can Harm
A particularly chilling development is the rise in attacks on connected medical devices—pacemakers, insulin pumps, imaging machines, and more. According to the 2023 State of Cybersecurity for Medical Devices and Healthcare Systems Report by Health-ISAC, Finite State, and Securin, over 1,000 vulnerabilities were discovered in medical devices in 2023. However, only 15% of manufacturers had vulnerability disclosure programs in place.
“Attackers don’t need to breach a hospital’s network to cause chaos—they can now exploit IoMT (Internet of Medical Things) devices that serve as unguarded entry points. An example of cyber criminals’ increasing sophistication is how hackers now specifically target medical devices as well, not only networks, servers, personal computers, databases and medical records,” Conco says.
Ironically, local healthcare’s efforts to improve efficiency and cost savings through digital transformation mean the sector’s attack surface is expanding, with a noticeable increase in attacks on routers, VPN hardware, and other edge devices.
This trend underscores the urgent need for healthcare institutions to allocate resources for their protection.
Prevention is the Best Medicine
Risks and threats to the healthcare industry are growing, but so are the solutions. Healthcare providers don’t have to accept such attacks or compromise with cyber criminals.
Check Point suggests five vital strategies to improve cyber resilience in the health sector:
- Educate Your People: Phishing remains the number one entry point. Train staff continuously, and implement solutions like Check Point Harmony Email & Collaboration, which helped Fast Pace Health win the battle against phishing incidents.
- Gain Full Visibility: Unmonitored devices are high-risk devices. Map all assets—including cloud, IoT, and legacy tech—and assign risk scores.
- Segment and Isolate Networks: Use Zero Trust segmentation to prevent lateral movement during a breach. Assume compromise—and design defensively.
- Adopt Prevention-First Security: Move beyond detection. Employ threat prevention tools powered by AI to block attacks before they execute.
- Unify and Consolidate Security: A fragmented approach invites risk. Integrated platforms like Check Point Infinity provide end-to-end protection across users, devices, and data.
Conco concludes, “As South Africa moves increasingly towards digital transformation in healthcare, the sector’s reliance on technology will increase, making cybersecurity readiness more critical than ever.
By adopting proactive measures, leveraging AI technologies, and focusing on education and collaboration, South African healthcare institutions can strengthen their defenses and ensure the safety of sensitive patient data.”