A cyber security expert, Benedict Joseph Oluwaseun, has said a recent ransomware attack on the UK’s National Health Service (NHS) serves as a stark warning for Nigeria’s developing healthcare sector.
Daily Trust reports that the attack, which crippled services across seven NHS hospitals, highlights the critical need for robust cybersecurity measures to protect sensitive patient data.
The cyberattack, believed to have begun on June 3rd, 2024, targeted London NHS hospitals, significantly impacting blood transfusion services and leading to widespread appointment cancellations.
Alarmingly, the attack went beyond service disruption. Hackers stole a massive amount of sensitive patient data, estimated at over 300 million interactions, including potentially life-altering information like HIV and cancer test results.
This stolen data, amounting to nearly 400GB, is now reportedly circulating online on dark web marketplaces and Telegram channels.
In a statement on Monday, Oluwaseun said while Nigeria’s healthcare system may not yet operate at the same technological level as the UK, this incident presents invaluable lessons.
The expert said by prioritizing cybersecurity initiatives, Nigerian healthcare institutions can significantly enhance their defenses against similar threats.
“Could This Attack Have Been Prevented? Yes. Several proactive measures could have mitigated the impact of the NHS attack. These include:
“Cybersecurity Training: Educating healthcare management and staff on cybersecurity fundamentals and fostering a culture of cyber hygiene is crucial.
“Regular training programs can equip staff to identify suspicious activity and prevent falling victim to phishing attempts or malware.
“Software Updates: Implementing a system for timely software updates across all medical devices and computer systems is essential. Outdated software contains vulnerabilities that hackers can exploit.
“Access Control Management: Limiting access to sensitive data based on job roles and responsibilities helps prevent unauthorized individuals from viewing or manipulating patient information.
“Advanced Threat Detection: Investing in advanced cybersecurity solutions that can identify and isolate suspicious activity before it escalates into a full-blown attack is critical.
“Building Human Firewalls: Creating a culture of cybersecurity awareness among staff empowers them to be vigilant and report any suspicious activity,” the statement read in part.