As data breaches surge globally, South Africa’s healthcare sector remains a prime target—highlighted by a recent ransomware attack on the National Health Laboratory Service (NHLS). Legal experts warn that while privacy protections exist, they are not being effectively implemented in practice.
Writing in the South African Medical Journal, attorney Safia Mahomed calls for stronger governance tailored to South Africa’s specific context, as well as adaptable infrastructure and ethical frameworks to safeguard biomedical big data (BD). These datasets – comprising genomic information, medical records, and more – form the foundation for AI development in healthcare but also expose new vulnerabilities.
From 2015 to 2022, healthcare accounted for 32% of all reported data breaches in South Africa. In Q2 2023 alone, African healthcare institutions faced an average of 1,744 cyberattacks per week, a 30% year-on-year increase. South Africa ranks as the 8th most targeted country globally for ransomware, per a CSIR report.
The NHLS attack, allegedly carried out by the BlackSuit hacking group, compromised 1.2 terabytes of sensitive data. Mahomed argues that this, alongside AI-fueled data partnerships like Informa’s $10 million deal with Microsoft, underscores the urgency for enforceable protections and greater transparency around data use.
While AI has been used in African healthcare since the 1980s, current technologies like generative AI, Artificial General Intelligence, and cloud-based health records raise ethical and legal questions. South Africa’s existing legal tools – including the Constitution, the National Health Act, and the Protection of Personal Information Act (POPIA) – provide a starting point but may not be fully equipped to handle the pace of AI evolution.
Mahomed recommends:
- Stronger access controls and breach response protocols;
- A national data transfer agreement template;
- A regulatory framework for ethical AI;
- Community engagement and digital literacy;
- Upskilling research ethics committees;
- Clarifying data ownership;
- Increased investment in digital infrastructure and data accessibility.
South Africa has laid the groundwork for privacy governance, but Mahomed cautions that legal protections must move beyond theory. With AI’s role in healthcare expanding, the balance between innovation and data protection has never been more critical.
