A ransomware attack on South Africa’s National Health Laboratory Service (NHLS) is delaying the processing of millions of blood tests and imperilling the lives of an untold number of people. BizNews speaks to Chris Bateman, a former long-time News Editor of the South African Medical Journal – after he was contacted by the Eastern European-sounding middleman of the “Black Suit” hackers. The “middleman” made dire threats if the NHLS didn’t enter into negotiation with the hackers. Meanwhile, a 12-year-old girl is dying in Groote Schuur Hospital because her illness can’t be diagnosed without a blood test. There have been similar attacks in countries outside Russia…which leads to the suspicion that the hackers are Russian.
Sign up for your early morning brew of the BizNews Insider to keep you up to speed with the content that matters. The newsletter will land in your inbox at 5:30am weekdays. Register here.
Join us for BizNews’ first investment-focused conference on Thursday, 12 September, in Hermanus, featuring top experts like Frans Cronje, Piet Viljoen, and more. Get insights on electricity and exploiting SA’s gas bounty from new and familiar faces. Register here.
Watch here
Listen here
Extended transcript of the interview ___STEADY_PAYWALL___
Chris Steyn (00:02.936)
Lives are on the line because of a ransomware attack on South Africa’s National Health Laboratory Service. Chris Bateman, a former long-standing News Editor of the South African Medical Journal and a contributor to Health-e News has all the details. Welcome Chris.
Chris Bateman (00:21.743)
Hi Chris, nice to be chatting to you again.
Chris Steyn (00:24.92)
Let’s start at the beginning, Chris.
When was the attack launched, Chris?
Chris Bateman (00:47.982)
Chris, last Saturday, I think in the morning, I’m not quite sure how they detected it, but there was a link provided to talk to the ransomware hackers. And basically a terabyte or two, I’m not sure which, was taken down, which basically crippled the National Health Laboratory Service computer system. Now that has huge implications for blood analysis nationally in the public sector.
Chris Steyn (01:17.688)
I was just going to ask you what are the wide-ranging fall-outs from this attack?
Chris Bateman (01:22.99)
Well, you know, I’m not a clinician, but I’ve been around them for decades. And what I do know is that, you know, and most people know as well, is that blood tests are critical for diagnosis and treatment of people. And, you know, ranging from, you know, you can think of anything, cancer, TB, HIV, AIDS, antibiotics, scans, checking bloods before operations to check, to assess the risk, you know, across specialties. Blood analysis is a crucial tool in a doctor’s kit.
Chris Steyn (02:03.704)
Chris, do we have any idea who is behind this attack?
Chris Bateman (02:09.069)
What I know is that they call themselves Black Suit. And I wrote one story for Health-e News, just giving some of the disaffection of the poor doctors who are already under severe pressure and a dysfunctional public sector system. This has really made their lives a heck of a lot more difficult.
And the hackers somehow realised, managed to get hold of me. Well, I don’t know if it was them per se, but let’s just say what happened. I got a call from a guy who called himself, he had a very thick Eastern European accent and I said to him, he was rambling on, carrying on and I said, listen, you’ve got to slow down and speak slowly so I can understand you. And you’ve got to tell me where you fit into the mix. Cause I thought he was an angry doctor or a surgeon or whatever. Cause I had a lot of those calls. And eventually he said, I’m the middle man between the Black Suit hackers and the NHLS.
And he said, you just do tell the NHLS that they must talk to us, they mustn’t be childish. We can fix this in a couple of hours. We can restore everything, revoke it back, or we can take off another terabyte. But you know, they want to fix this. They’ve already delayed a week. Just talk to us. So I conveyed that to the CEO of the NHLS Professor Koleka Mlisana.
Chris Steyn (03:27.64)
Well, what do the hackers want?
Chris Bateman (03:31.34)
I don’t know. This is the thing, they’re wanting to make contact. That’s their first demand. And once they’ve made contact, it’ll then become clear what they actually are after. And this is not just a South African phenomenon. There are reports of it, Mlisana that tells me that most countries outside of Russia, which makes them suspect that it’s Russian hackers, have been affected to some degree.
The NHLS, or the National Health System in the UK has apparently been similarly affected, around about the same time.
They’re talking about it a bit in the US, and there’s some talk of it happening in the motor industry as well.
So it seems to be a global phenomenon, certainly as indicated by this Eastern European accent that appeared on my phone.
Chris Steyn (04:14.296)
So what efforts are now being made by the Department of Health to deal with this crisis?
Chris Bateman (04:20.619)
The Department of Health are kind of coming up to speed slowly, well, relatively slowly. The NHLS are grouping all the emergency blood tests together, and so it has to be done manually. And the tertiary hospitals have laboratories, there’s six of them, but God help the district hospitals and the outlying clinics. But the doctors have to wait.
Normally you can get an electronic test in a couple of hours, six hours or nine hours…A manual test if you’re lucky is twenty four hours and and sometimes twenty times longer than the than the electronic so they are uitgelewerd, to use a good South African term, to to these hackers in terms of all the way critical diagnosis and treatment is required
…to answer your question more specifically, that what’s happened is there is a system called the Patient Information System, Single Patient Information System, which is a bit dated, but does work. And on that, you can aggregate a single patient’s all their data that’s been recorded previously, and you can access that as a doctor. And so they can look at previous blood tests that give them a trend of an individual patient. And that’s been activated in the Free State, KwaZulu-Natal, and the Western Cape, and Free State is piggybacking on on Gauteng. So so in in those at least some of the provinces, the main ones, and there is a backup system but it it’s it’s the system is is debilitated. I mean you know that they are using second-string technology and they are using manual testing; there is no electronic testing available and they won’t to be for three weeks according to Mlisana who says that her people are working flat out – and they’ve got a very good leadership in the NHLS. They’re a good outfit, but they’re working flat out to try and aggregate the urgent tests so that they can phone out the results and so on. But it’s really, the system itself is crippled, we would not be putting too fine a point on it.
Chris Steyn (06:32.28)
So how long is it likely to take to restore the computer system?
Chris Bateman (06:37.704)
The IT, well, this is reported to me by the CEO, Mlisana, professor. The IT guys have told her because they’re trying to build in more sophisticated, updated, whatever, security anti-hackware, it’s gonna take three weeks. She says that by this week, they were hoping to get some kind of operability, but it’s nothing like what it was.
But three weeks is, if you’re going to tell your doctors, your patients out there, three weeks is probably what they’re expecting it to take now.
Chris Steyn (07:16.376)
How many blood tests will not have been processed during a period of three weeks.
Chris Bateman (07:20.071)
Well, I worked it out, worked it backwards. I asked her how many tests they do per year and it was 110 to 111 million. So divide that by weeks. So we’re talking three weeks and it’s about 6 .3 million tests that will not get done.
Chris Steyn (07:40.472)
Meanwhile, Chris, what scenes are playing out in hospitals and clinics at the moment? You have been getting calls from doctors and medical personnel.
Chris Bateman (07:51.815)
You know, I’m getting different, you know, you get emotional if you invested in diagnosing and treating a patient and I’m getting, and I’m saying, so take it with a pinch of salt, but I mean, doctors, one guy said he’s incandescent with rage. The other guy said that this is an unmitigated disaster. Obviously these guys are emotional, but, and everybody’s trying to work together to find a solution. So it’s not going to help to point fingers at one another, but, I’ll give you one example, Canary in the Coal Mine perhaps. A 12 year-old-girl at Groote Schuur, they haven’t diagnosed her, but she’s dying and she’s really in trouble. She’s in high care and they’re trying to find out what’s wrong with her and they can’t, and these are highly skilled, you know, world-class clinicians, cannot find out what’s wrong with her without a blood test. So, you know, it’s touch and go there and that’s going to be repeated across the country.
The tertiary hospitals have internal laboratories on site. However, they also linked to the National Health Laboratory system, the electronic one. And so they can only do it manually. So whereas it would take six hours or so to get a test done and then you can start treating, now it’s 24 hours or longer because it’s all done on paper.
So we’re back to two decades back in terms of everything being processed by paper. Doctors going down, shuffling through the printouts, trying to find out what’s going on, all phoning through by phone and saying, you are number 3 000 in the queue. Please be patient. So that’s what the situation is looking like.
But just to paint the picture, whether it’s CT scans where you require radiology, where you require a contrast medium and you have to have a blood test before to make sure there are going to be no contraindications, whether it’s TB, HIV, antibiotics, operations, before an operation you have to have your blood checked to check that your liver and your kidneys are okay, that you’re going to be able to handle the anesthetic.
It’s impacting across disciplines. You know, as I said before, blood testing and analysis is a crucial tool in a doctor’s kit.
Chris Steyn (10:01.912)
Chris, you have already been told that there are people dying, but obviously it will take many months for the true impact on human lives to become apparent.
Chris Bateman (10:12.257)
I think so, as in COVID, you know, we had the lockdown, I think nobody realised they we’re flying blind what the long-term impacts of that were. People couldn’t get to clinics, couldn’t take their medication. You know, some people were very sick. People were scared to travel, to get to go out. And now we’re only realising the true impact of what that lockdown cost us in lives and aggravated illness. So it’s going to take a long while for this to be quantified and to see what impact it had.
Chris Steyn (10:44.152)
Meanwhile, what advice do you have for people who need to go to clinics and hospitals?
Chris Bateman (10:49.409)
Just go get it done. It’s just going to take longer for your blood tests results to come back because it’s being done manually. Of course, we’re talking about the public sector here, which is 70, 80% of our population. The private sector, unaffected, they’ve got their different systems which are operating quite efficiently. So if you’ve got a medical aid card, you’re generally OK. Which brings in the question, this is a good…
Chris Steyn (11:17.656)
Well, can’t the private sector step in?
Chris Bateman (11:20.351)
Well, as I said, during COVID, remember, they helped out a lot with testing pharmacies and stuff. And the same thing is being, they’re going for that here. Mlisana says that they’re in early talks with private labs, but remember, their systems, computer systems are different. And then they’ve got to negotiate a contract to, you know, how many million are they going to do for how much? So, but there is, I think, if I was to give any message, it’s there is some urgency here, which I don’t think maybe the general public are aware of in terms of solving or addressing this until they get it back up again.
Chris Steyn (11:58.808)
Well, thank you. That was Chris Bateman speaking to BizNews about the devastating effect of a ransomware attack on South Africa’s Health Laboratory Service. Thank you so much, Chris.
Chris Bateman (12:11.167)
You’re very welcome, Chris
Read also: