Cyberattacks on Healthcare Are Rising – Why Cybersecurity Is Now Critical Care

Africa’s healthcare sector is dealing with a crisis that doesn’t show up on patient charts. Hospitals, clinics, and labs are already stretched thin, under-resourced, overwhelmed with demand, and unevenly distributed across the continent. Now they’re facing a threat most weren’t built to handle: cybercrime.

While medical professionals are focused on saving lives, criminal groups are quietly targeting hospital systems, patient records, and critical infrastructure. The question is no longer whether your organisation will be targeted,  it’s whether you’ll be ready when it happens.

A Growing Crisis Hiding in Plain Sight

WHO Director-General Tedros Adhanom Ghebreyesus has pointed out that the rapid digitisation of healthcare,  combined with the high value of health data — has made the sector one of the most attractive targets for cybercriminals. These attacks can, at best, cause disruption and financial loss. At worst, they erode trust in health systems and directly harm or kill patients.

The numbers tell a troubling story. In 2025, healthcare organisations across Africa faced an average of 3,575 cyberattacks every week — a 38% increase from the previous year. The impact ranges from encrypted patient data and loss of access to hospital systems, to stolen records surfacing on the dark web.

And that figure likely undercounts the true scale. Most hospitals and healthcare facilities never publicly disclose attacks, so the full picture remains hidden.

Recent Attacks Across the Continent

The incidents already on record are serious enough to demand attention:

• In May 2025, Mediclinic Southern Africa was hit by a cyber extortion attack that compromised sensitive HR data.
• Lancet Laboratories was fined under South Africa’s POPIA law for failing to notify patients about a data breach in a timely manner.
• A ransomware attack on the National Health Laboratory Service disrupted blood test processing nationwide, delaying critical care for millions.
• M-Tiba, a Kenyan digital health platform backed by Safaricom and managed by CarePay, suffered a major data breach in late 2025.
• Pharmacie.ma, a Moroccan pharmaceutical platform, was reportedly targeted in an alleged data leak involving the unauthorised export of customer records.
• Nigeria’s private healthcare sector has become one of the most targeted on the continent, with attacks accelerating at an alarming rate.

Why Healthcare Is Such an Easy Target

Several factors combine to make Africa’s health sector especially vulnerable to attack. Many public health institutions are still running outdated infrastructure with limited IT staff. Fragmented record-keeping — a mix of paper files and digital systems, often unencrypted and spread across multiple platforms creates multiple entry points for attackers.

Healthcare organisations are also increasingly adopting open-source AI tools for diagnostics and patient management. These tools make financial sense on a tight budget, but many lack the security controls needed to properly protect sensitive data.

Perhaps the most exploited vulnerability is the pressure hospitals face to restore systems quickly. When patient care is on the line, organisations are far more likely to pay a ransom to get back online fast. But cyber insurers report that in 2 out of 5 cases where a ransom is paid, data and operations still can’t be fully recovered — and many attackers simply return with additional demands.

Medical records are also worth far more than most people realise. According to cybersecurity analysts in the USA, a single stolen medical record can fetch $260–$310 on the dark web — compared to just $30–$50 for a stolen credit card. Medical records don’t expire, can’t be easily changed, and often include insurance details, biometric data, and personal identifiers that remain useful for years. Criminals use this information for insurance fraud, prescription fraud, and sophisticated identity theft that’s hard to detect and even harder to reverse.

How Healthcare Organisations Can Fight Back

Protecting your digital systems doesn’t require becoming a tech company. It requires applying the same resilience mindset that good healthcare professionals already have — planning for disruptions before they happen, investing in the right tools, and making sure your team knows what to do when things go wrong.

Build Cybersecurity Into Your Resilience Planning

Healthcare facilities already plan for physical disruptions — backup generators, spare equipment, standby staff. That same thinking needs to extend to your digital environment. If your systems went down tomorrow, would you have a recovery plan ready? Do you have secure, offline data backups? Has your team practiced what to do during a breach?

Your incident response plan should also align with local compliance requirements. In South Africa, that means POPIA. In Kenya and Nigeria, it means compliance with their respective Data Protection Acts. Building genuine resilience and meeting compliance obligations should be the same project, not separate ones.

Prepare for AI-Powered Attacks

Cybercriminals are now using AI to work faster and target more organisations simultaneously. AI-driven phishing is 4.5 times more effective than traditional phishing — meaning your staff can no longer rely on spotting poorly written emails. The attacks are more convincing, more personalised, and harder to catch.

The good news is that AI is also one of your strongest defences. AI-powered threat detection systems can identify unusual activity faster than any human team, automate containment responses, and adapt to new attack methods as they emerge.

Regularly audit third-party tools and integrations — especially any AI or cloud services connected to your systems. These are increasingly used as entry points. And if your organisation uses open-source AI tools, make sure they’re being patched and vulnerability-scanned on a consistent schedule.

Strengthen How You Control Access to Patient Records

As more staff and patients access records digitally, controlling who can see what — and proving they are who they say they are — becomes essential. The Microsoft Digital Defense Report 2025 highlights that one of the most common attack methods involves stealing valid user credentials and using them to log in undetected.

Deploying phishing-resistant multi-factor authentication (MFA) and conditional access controls significantly raises the bar for attackers. Combined with role-based access, where staff can only access the data relevant to their specific role, this reduces both the risk of external breaches and internal misuse.

Invest in Your People

Technology is only part of the solution. Phishing remains the most common entry point for attackers, and most successful breaches start with a single person clicking the wrong link or handing over their login credentials without realising it.

Regular, practical training, not a once-a-year awareness session makes a real difference. When your team can recognise an attack and knows exactly what steps to take, the whole organisation becomes harder to compromise.

This Is a Patient Safety Issue

The conversation around cybersecurity in healthcare needs to change. This isn’t a back-office IT issue,  it’s a frontline patient safety issue. A ransomware attack that takes down lab systems for days, or a breach that exposes thousands of patient records, has direct consequences for people’s health and lives.

Africa’s healthcare workers have always shown extraordinary resilience under pressure. Extending that same resilience to the digital environment — investing in the right tools, preparing response plans, and empowering staff,  is the next critical step in protecting patients. The threat is real. The tools to address it exist. And the cost of doing nothing is too high.