Experts are raising concerns over the vulnerability of Ghana’s health sector to cyber-attacks, calling for an immediate boost in cybersecurity measures to protect sensitive patient data and the integrity of hospital services.
Speaking at the Cybersecurity Awareness Week symposium held at Komfo Anokye Teaching Hospital, Mr. Stephen Cudjoe-Seshie, Head of the National Computer Emergency Response Team at the Cyber Security Authority (CSA), emphasized the critical need for enhanced cybersecurity across healthcare institutions.
He revealed that recent assessments conducted by the CSA uncovered significant vulnerabilities within the sector, making it a prime target for cyber threats.
“Cybersecurity maturity in the health sector is alarmingly low, particularly compared to sectors like banking, finance, and telecommunications. Urgent action is needed to protect critical health systems from cyber-attacks,” Mr. Cudjoe-Seshie stated.
The symposium, aimed at educating hospital staff on cybersecurity best practices, highlighted the importance of protecting patient data and ensuring compliance with Ghana’s Data Protection Act and Cyber Security Act. The event also focused on mitigating human error, a leading cause of security breaches in healthcare.
Over the past 18 months, the CSA conducted vulnerability scans on 15 healthcare entities, including eight public hospitals, three private hospitals, and four medical laboratories.
The findings revealed six critical security vulnerabilities, such as the lack of password encryption, outdated software, and misconfigured systems susceptible to Distributed Denial of Service (DDoS) attacks.
Mr. Cudjoe-Seshie explained, “We discovered several systems without password encryption, meaning sensitive passwords could be easily intercepted and used by attackers. Outdated software also makes these systems easy targets for exploitation. Additionally, some institutions failed to encrypt data transactions, leaving them exposed to cyber-attacks.”
The CSA has partnered with the Ghana Health Service to develop a cyber-hygiene curriculum designed to train healthcare workers on key cybersecurity practices. This initiative aims to equip them with knowledge on common cyber threats and data protection measures.
“As healthcare professionals, we have a sacred responsibility to protect our patients’ data. It’s not just about regulatory compliance, it’s about safeguarding trust,” said Professor Otchere Addai Mensah, CEO of Komfo Anokye Teaching Hospital, during the event.
He stressed that patients share their most sensitive information with healthcare providers and expect that their privacy will be respected.
Professor Addai Mensah also addressed the growing threat of misinformation, which has been amplified by the rapid spread of digital content, particularly during the COVID-19 pandemic. He noted that misinformation not only endangers public health but also undermines trust in healthcare systems, leading to reluctance in seeking necessary care.
The symposium concluded with a call for stronger collaboration between healthcare providers, technology experts, and policymakers to establish robust data protection frameworks and combat misinformation effectively.
