Life Healthcare Group hit by cyber attack amid COVID-19

The second largest private hospital operator in SA – Life Healthcare Group – has been hit by a cyber attack in the midst of the COVID-19 outbreak.

The hospital group has not revealed the nature of the security breach; however, the incident was deemed severe enough for it to make a voluntary announcement to the market this morning.

Life Healthcare has been forced to bring in external cyber security experts and forensic teams “to advise and supplement internal teams and capacity”, says the group.

It says authorities have since been alerted.

The security breach incident is being considered a severe one and the hospital group has taken its systems offline, in order to contain the attack.

Pieter Van der Westhuizen, acting group CEO, says: “First, and foremost, we wish to assure all the communities within which we operate that this criminal attack on our systems will not affect the quality care and clinical excellence we aim to provide.

“Patient care remains our key priority. We are deeply disappointed and saddened that criminals would attack our facilities during such a time, when we are all working tirelessly and collectively to fight the COVID-19 pandemic.”

“The extent to which sensitive data has been compromised is yet to be determined as we are still in the process of investigating the incident,” says the hospital in a SENS update to shareholders.

The JSE-listed group says patient care has not been impacted and it continues to provide quality healthcare across all of its hospitals and clinics.

However, the security incident has affected admissions systems, business processing systems and e-mail servers.

The private healthcare provider, owned by Brimstone Investment Corporation, has 6 500 beds and is the largest black-owned hospital operator in the country.

In a statement to the market, it says, in line with its business continuity plans, hospitals and administrative offices have switched over “to backup manual processing systems and continue to function, albeit and regrettably, with some administrative delays”.

The company has apologised for “any frustration, delay, or distress this criminal act has caused to our patients, doctors, employees, funders and other stakeholders”.

Exploiting fear, confusion

The attack on Life Healthcare comes on the back of a stern warning from the World Economic Forum (WEF) that as the COVID-19 crisis accelerates, it is also exacerbating cyber risks.

It says the constant flow of information on the virus, accompanied by fear, confusion and even the boredom of confinement, have multiplied opportunities for cyber criminals to deliver malware, ransomware and phishing scams.

“The corporate digital infrastructure that normally is protected by multiple layers of security within corporate offices no longer has some of those layers while the majority of employees are working from home. This weakened security is perfect prey for hackers that are searching for any potential vulnerabilities, either technical like virtual private networks, or social engineering techniques exploiting people’s anxieties,” warns WEF.

In the healthcare sector, globally, there has been a spike in cyber attacks targeting medical organisations at the forefront of the response to COVID-19.

Online security consultancy Unit 42 recently released a report saying COVID-19-themed attacks have been carried out on a range of targets.

So far, the firm says it has observed attacks on a Canadian government healthcare organisation and a Canadian medical research university, “as well as an info stealer variant (AgentTesla) observed in attacks against various other targets (eg, a US defence research entity, a Turkish government agency managing public works, a German industrial manufacturing firm, a Korean chemical manufacturer, a research institute located in Japan and medical research facilities in Canada)”.