Read time: 3 minutes

African healthcare faces a cyber security dilemma

By , Africa editor
Africa , 28 Jun 2024
Stu Sjouwerman, CEO of KnowBe4.
Stu Sjouwerman, CEO of KnowBe4.

Hospitals have become more appealing targets for ransomware attacks because of their large patient records, sensitive information, and networked systems and equipment.

This is according to KnowBe4, a provider of security awareness training, which released its International Healthcare Report this week. The report looks at the cyber security crisis that the healthcare sector, namely hospital groups, is presently experiencing around the world.

The report states that hospitals have become increasingly appealing targets for ransomware attacks, and that inadequate security measures have made institutions exposed to cyber threats.

It says: “When attacked, cyber criminals can potentially take control of entire hospital systems, and gain access not only to patients’ health information but also their financial and insurance data.”

Citing Check Point Research, the report says in 2023, Africa was the global region with the highest average number of weekly cyber-attacks per organisation, with an average of 1,987 attacks.

The report reads: “One in every 19 organisations in Africa experienced an attempted attack every week, an increase of 7% over 2022. The continent is challenged by the lack of digital security infrastructure.

“With a focus on building reliable electricity and internet to jumpstart business, cyber security has not been given priority. Approximately 90% of African businesses are operating without cyber security protocols in place, making them vulnerable to hacking, phishing and malware attacks.”

“The healthcare sector remains a prime target for cyber-criminals looking to capitalise on the life-or-death situations hospitals face,” says Stu Sjouwerman, CEO of KnowBe4.

He adds: “With patient data and critical systems held hostage, many hospitals feel like they are left with no choice but to pay exorbitant ransoms. This vicious cycle can be broken by prioritising comprehensive security awareness training to empower employees and cultivate a positive security culture as a strong defence against phishing and social engineering attacks.”

Daily newsletter