Life Healthcare Group, the second-largest private hospital operator in South Africa, suffered a severe cyber attack during the COVID-19 pandemic. The attack forced the company to take critical systems offline, including admissions, business processing, and email servers, while switching to manual backup processes. Though patient care remained unaffected, administrative delays occurred due to disrupted digital infrastructure. The extent of sensitive data compromise (e.g., patient, employee, or financial records) is still under investigation by external cybersecurity experts and forensic teams.The attack exploited vulnerabilities heightened by the pandemic, aligning with global trends where healthcare providers already strained by COVID-19 face increased ransomware, malware, and phishing threats. Authorities were alerted, and the company issued a public apology for the operational disruptions and distress caused to patients, doctors, employees, and stakeholders. The incident underscores the heightened risk to critical healthcare infrastructure during crises, where cybercriminals target weakened security layers (e.g., remote work setups) to maximize impact.
TPRM report: https://www.rankiteo.com/company/life-lhs
"id": "lif33104933102725",
"linkid": "life-lhs",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "100",
"impact": "7",
"explanation": "Attack that could injure or kill people"{'affected_entities': [{'customers_affected': 'Patients, doctors, employees, '
'funders, and stakeholders '
'(exact number undetermined)',
'industry': 'Healthcare',
'location': 'South Africa',
'name': 'Life Healthcare Group',
'size': '6,500 beds; second largest private hospital '
'operator in SA',
'type': 'Private Hospital Operator'}],
'customer_advisories': ['Public apology issued',
'Manual processes implemented to minimize disruption'],
'data_breach': {'data_exfiltration': 'Undetermined',
'personally_identifiable_information': 'Undetermined',
'sensitivity_of_data': 'Undetermined (potentially high, given '
'healthcare context)',
'type_of_data_compromised': 'Undetermined (under '
'investigation)'},
'description': 'Life Healthcare Group, the second largest private hospital '
'operator in South Africa, suffered a severe cyber attack '
'during the COVID-19 pandemic. The incident disrupted '
'admissions systems, business processing systems, and email '
'servers, prompting the group to take systems offline and '
'switch to manual backup processes. External cybersecurity '
'experts and forensic teams were engaged to assist with the '
'investigation. The extent of sensitive data compromise is '
'still under investigation. Authorities were notified, and the '
'group assured that patient care remained unaffected despite '
'administrative delays.',
'impact': {'brand_reputation_impact': 'Potential negative impact due to '
'high-profile breach during pandemic',
'customer_complaints': 'Apologized for frustration, delays, and '
'distress caused',
'data_compromised': 'Undetermined (under investigation)',
'downtime': 'Ongoing (systems taken offline for containment)',
'identity_theft_risk': 'Undetermined (under investigation)',
'operational_impact': ['Switch to manual backup processes',
'Administrative delays'],
'payment_information_risk': 'Undetermined (under investigation)',
'systems_affected': ['Admissions systems',
'Business processing systems',
'Email servers']},
'investigation_status': 'Ongoing (extent of data compromise undetermined)',
'motivation': ['Exploiting COVID-19 fear/confusion',
'Financial Gain (potential)',
'Disruption'],
'ransomware': {'data_encryption': 'Undetermined (potential, given system '
'disruptions)',
'data_exfiltration': 'Undetermined'},
'references': [{'source': 'Life Healthcare Group SENS Announcement'},
{'source': 'World Economic Forum (WEF) Warning on COVID-19 '
'Cyber Risks'},
{'source': 'Unit 42 Report on COVID-19-Themed Attacks'}],
'regulatory_compliance': {'regulatory_notifications': ['Voluntary market '
'disclosure '
'(JSE-listed)',
'SENS update to '
'shareholders']},
'response': {'communication_strategy': ['Voluntary market announcement',
'SENS update to shareholders',
'Public apology for disruptions'],
'containment_measures': ['Systems taken offline',
'Switch to manual backup processes'],
'incident_response_plan_activated': 'Yes (business continuity '
'plans activated)',
'law_enforcement_notified': 'Yes (authorities alerted)',
'third_party_assistance': ['External cybersecurity experts',
'Forensic teams']},
'stakeholder_advisories': ['Assured patient care remains unaffected',
'Apologized for administrative delays'],
'title': 'Cyber Attack on Life Healthcare Group During COVID-19 Outbreak',
'type': ['Cyber Attack', 'Potential Ransomware', 'Potential Data Breach']}