Life Healthcare Group, a private hospital operator, has taken its southern African operation systems offline after being a victim of a “targeted criminal attack” on its IT system.

“…our admissions systems, business processing systems and email servers are currently unavailable, following a criminal attack on our IT systems,” said Nicole du Preez, CEO, Employee Health Solutions, told clients and members in a statement on Tuesday.

It is unclear when exactly the attack occurred, but Du Preez stated that they acted immediately when they were aware of the attack on the system.

“As a precautionary measure, we took the affected systems offline for investigation and where necessary remediation,” Du Preez said. 

“In line with business continuity plans, employees at our hospitals, our onsite EHS clinics and administrative offices have switched to backup manual processing systems in the interim.”

Adam Oxford, a freelance technology journalist and consultant, told Daily Maverick that though patient care has not been affected, the breach had affected admissions systems, business processing systems and email servers.

“There’s a lot about not interrupting patient care but nothing about patient data,” Oxford said. 

“What did the intruders gain access to, did they see healthcare records or billing records? That’s some of the most highly sensitive data about a person you can have.”

“The extent to which sensitive data has been compromised is yet to be ascertained as we are still in the process of investigating,” said Du Preez.

Official comment was not immediately available at the time of publication. DM

This article was amended at 9.15am on 10 June, 2020.