‘Life and death issue’ — SA health lab service shuts down test results communication system after cyberattack

Senior doctors working in the public health system have called for urgent interventions to speed up medical testing after the National Health Laboratory Service (NHLS) had to shut down its communication system because of a cyberattack.

Clinicians have raised serious concerns that they are now unable to timeously access their patients’ test results and can’t discharge patients without those results. 

“Hospitals will fill up fast,” said one doctor.

The NHLS assured the public that their medical information was safe and was not affected by the massive cyberattack, which shut down the communication channels between state hospitals and the laboratory service.

The NHLS has been forced to switch over to a manual system and doctors said the delay in accessing results was creating a medical emergency. It is not yet known how long it will take for the system to be rebuilt as sections of it have been deleted. 

Senior clinicians have called on public hospitals to at least be provided with point-of-care technology to do the most urgent tests.

Doctors working in the public sector called on private laboratories to assist, saying that patient care had been severely affected. 

No patient data lost

On Monday, the NHLS said: “We recognise the magnitude of the situation and the concerns it may generate. Please know that our main focus is the security and integrity of our data and services. We will provide regular updates on the situation and our work towards resolving the issue.

“We are making all necessary efforts to prevent future incidents and increase our cybersecurity posture. We have therefore resorted to manually processing all the diagnostic samples received by our laboratories. Results will be communicated telephonically if urgent and the rest will be manually printed and distributed to healthcare facilities and clinicians.”

NHLS CEO Professor Koleka Mlisana confirmed that the NHLS had experienced an information technology security breach that compromised its systems and infrastructure. 

“The incident occurred on Saturday morning, 22 June 2024. A preliminary investigation suggests that our enterprise resource planning (Oracle) environment and laboratory information system (LIS) (TrakCare) database and our [central data warehouse] are not affected, therefore no patient data has been lost or compromised. All patient data is safe.”

Mlisana said a ransomware virus had entered and blocked the NHLS IT system.

She said the laboratory information system would be inaccessible both internally and externally including to and from healthcare facilities until the integrity of the environment was secured and repaired. 

“All users will be aware that the NHLS networked laboratory system is heavily reliant on these information technology systems that have been disrupted,” she said.

“It has been established that sections of our system have been deleted including in our backup server and this will require rebuilding the affected parts. Unfortunately, this will take time and investigations thus far have not advanced enough for us to give a timeframe toward the restoration of our systems and full service. 

“All stakeholders and the public will be informed as soon as more information becomes available.” 

She said that after Saturday there were more cyberattacks on the system, but they were blocked by an additional layer of security that had been built in. 

“Currently, all our laboratories are fully functional, receiving and processing clinical samples. Under normal circumstances, the laboratory reports are automatically generated and sent to clinicians or made available on WebView, [but] this incident has disabled that functionality. However, all urgent results are communicated telephonically to requesting clinicians,” said Mlisana.

The United Kingdom’s National Health Service (NHS) suffered a similar attack on 2 June and The Guardian reported on Monday, 23 June that the seizure of data by Russian hackers might mean that patients would have to wait up to six months for blood results. 

The NHS on Monday said data stolen from the Synnovis system was published by a cybercrime group. Synnovis does blood tests for the NHS. 

Life and death issue

Back in South Africa, a doctor who works in a maternity ward in a busy public hospital said they needed the test results in real-time to help their patients.

“This is a huge crisis,” he said. “Patient care is badly affected.” 

Dr Aslam Dasoo from the Progressive Health Forum (PHF) said private sector laboratories needed to provide their spare capacity and assistance.

“The NHLS is a vast institution with high expertise in the pathology sciences, such as serology [blood tests], microbiology, histology [tissue sampling and analysis], biochemistry, as well as cutting-edge research, the largest on the continent. 

“It performs vital functions 24-7 and services the public health service in all its facilities across the country along the whole spectrum of care. 

“The loss of the entire online platform is an issue of life and death, when one considers that tests on patients in theatres, ICUs, trauma, obstetrics, dialysis and high care need almost real-time results of tests requested. 

“There is a high likelihood of deaths of severely ill patients if their doctors cannot access the precise data in test results in a timely manner on the causes or degree of illness, nor can they monitor the level or cause of any deterioration in many settings,” said Dasoo.

“Private medical record breaches are obviously very serious and that must be a law-enforcement priority focus. The clinical setting consequences are, however, life-threatening in many instances. 

“The CEO and her senior management are highly skilled and obviously seized with the issue, but whether they have the full resources to rapidly resolve the crisis is doubtful, unless disaster recovery systems are robust. 

“While they engage with the necessary, the private labs should immediately reach out to the NHLS and to public health facilities in their proximity and make all their reserve and even increased capacity available and should extend support to the public service clinicians to urgently perform tests for public health service patients, preferably at no cost. 

“Meanwhile, major IT interventions may be required and much of that resource is available quickly. The PHF is working to obtain support funding from private sources on an urgent basis to assist in getting the NHLS back online and to support its management,” said Dasoo. 

“This is a terrible thing,” said a doctor. “It is a real disaster. Hospitals are filling up as we speak and for some people there is nothing to do but wait.” DM