How Legacy Systems, Underfunding IT Teams Expose Healthcare Sector to Cyberattacks

Emma Okonji

Microsoft Chief Security Advisor for Africa, Kerissa Varma, has said Africa’s healthcare sector is facing serious cyberattacks, occasioned by the challenges of under-resourced environments, uneven distribution of resources and massive demand for healthcare services.

Varma, who said this in a statement, explained that the healthcare industry in Africa, particularly in the public sector, “is working with legacy systems, fragmented infrastructure, and underfunded IT teams, all of which combine to make the sector an easy target for unscrupulous bad actors in the cyberspace.”

The expert said: “Many medical institutions are adopting open-source Artificial Intelligence (AI) tools for diagnostics and patient management. While cost-effective, these platforms often lack enterprise-grade security, leaving sensitive data exposed. Combined with fragmented storage of paper and electronic patient records – often unencrypted and scattered across multiple systems – the risk of breaches multiplies.”

According to her, medical records are also a premium target for cybercriminals. “In the United States of America, researchers found that patient records, insurance details, and research data fetch premium prices on the dark web – up to 10 times higher than financial data, according to cybersecurity analysts. A single stolen medical record can sell for between $260 and $310, compared to between $30–$50 for a credit card, because unlike credit cards, medical records never expire and medical information cannot be easily changed, making it useful for years,” Varma further said.

Microsoft believes cybersecurity needs to be embedded into every technology implementation. This should be a key priority, especially with sensitive medical data and operations, the expert added, insisting that while doctors fight to save lives, cybercriminals are infiltrating hospitals, laboratories, and clinics, turning life-saving environments into digital battlegrounds.

Giving details about the growing epidemic, Varma referenced the Director-General, World Health Organisation, Tedros Adhanom Ghebreyesus, who said: “At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death.”

Explaining how healthcare can use modern technology safely, Varma said: “As Africa’s healthcare systems digitise and embrace Artificial Intelligence (AI), protecting the digital lifeline must become as critical as protecting the physical one. Key steps can secure healthcare organisations and facilities like laboratories and diagnostic services’ systems.”

According to her, medical professionals and healthcare facilities often prioritise the resilience of physical capabilities. “Power backups, multiple devices should equipment fail, and a standby roster in the event of a practitioner being unavailable are all practices that save lives. Equally cybersecurity and safeguarding online systems needs to be built into the overall resilience planning of medical facilities and services.

“Having a response plan that is practiced and maintained in the event of cyber breach and ensuring strong data backups could mean the difference between a total failure of health services or a minor incident. Ensuring incident response plans are aligned with local compliance laws such as South Africa’s POPIA, and Kenya and Nigeria’s Data Protection Acts is critical for healthcare providers to meet both their resilience and compliance objectives.

“Prepare for AI-driven attacks that are going to increase attacker speed and success

Threat actors are increasingly exploiting the interconnectedness of modern software ecosystems and operational structures to conduct malicious activity, so regular auditing of third-party integrations, especially those involving AI or cloud services, is critical. Adversaries are using AI to scale and tailor operations, with AI-driven phishing being 4.5x more effective than traditional phishing,” Varma further said.

She however said in equal measure, AI is transforming cyber defence – it automates response and containment, detects threats faster and more accurately, and identifies detection gaps and adapts to attacker behaviour.

She therefore advised healthcare organisations to invest in AI-driven threat detection for faster response and anomaly detection and to also take steps in securing AI models and data pipelines by implementing robust access controls, vulnerability scanning, and regular patching for open-source tools.

She also stressed the need for the healthcare sector to invest in people and skills, adding that people are at the heart of robust cybersecurity measures.

“It is vital to train staff against common tactics such as phishing, which is the most common entry point for attackers, and apply role-based access controls for both clinical and research data to prevent privilege misuse. Cybersecurity is no longer an IT issue – it’s a patient safety issue. Healthcare services and providers must treat digital resilience with the same urgency as infection control. By investing in comprehensive cybersecurity strategies and leveraging AI-powered defences, Africa’s healthcare sector can position itself as a crucial front line against emerging threats and help build stronger, more resilient digital ecosystems,” Varma said.