
Mind The (Infrastructure) Gap: Lessons from South Africa

As part of our ongoing series on research security, this blog explores how infrastructure and digital vulnerabilities can undermine research integrity - even in countries with vibrant and globally connected research ecosystems. South Africa, a leader in fields such as health sciences, biodiversity, and astronomy, offers important lessons on the risks posed by outdated systems, limited cyber capacity, and operational blind spots.


Case Study 1: The 2024 National Health Laboratory Service (NHLS) Ransomware Attack

In June 2024, the National Health Laboratory Service (NHLS) - the backbone of South Africa’s public health diagnostics - was hit by a severe ransomware attack. The incident caused major disruptions, rendering laboratory information systems, backup servers, and internal communications inoperable for weeks. Millions of blood and pathology tests were delayed, and hospital care was affected as clinicians were forced to rely on manual results and phone communications. Portions of system backups were deleted, requiring a full rebuild and urgent cybersecurity upgrades.


This attack exploited technological and resource gaps:

  • Outdated IT infrastructure and insufficient cyber-defenses.

  • Limited capacity for rapid system recovery and continuity of critical health research and diagnostics.

  • Health research is deeply intertwined with operational systems - security failures affect both.




Case Study 2: The University of Mpumalanga Bank Accounts Incident

South African media reported on cybercriminal attacks targeting university finances. The University of Mpumalanga suffered an attack on its bank accounts, reportedly enabled by phishing and insider manipulation. While the main goal was financial theft, the breach highlighted how weaknesses in digital and human security can expose administrative and research data to risk - especially when university systems are interconnected.


The incident prompted a review of internal controls and highlighted the need for stronger identity management and staff awareness.


Key Lessons:

  • Insider threats and social engineering remain potent risks.

  • Financial systems are often linked to research and student data - breaches can cascade.

  • Universities must invest in both technical controls and human-centric security training.


Lessons and Path Forward

South Africa’s experiences reveal several important lessons for research managers, IT leaders, and policymakers:

  • Attacks often target weak points in digital infrastructure - especially when systems are aging or complex.

  • Rapid adoption of new technology (like cloud storage) without robust controls can unintentionally expose data.

  • Ransomware and digital threats can have long-term impacts on scientific progress, patient care, and international trust.

  • Proactive security measures, capacity building, and staff awareness are vital to prevent and contain breaches.

  • Clear protocols, regular cyber audits, and responsive policies are essential for resilience.


South Africa’s research community continues to innovate and lead, but these case studies demonstrate that closing the infrastructure and training gaps is not just a technical challenge - it’s fundamental to securing the future of science.





© Formation Consultancy 2025

Company Number 14043351
