Securing the privacy of patients’ electronic personal information in South African hospitals during COVID-19.

Abstract

South African organisations have been noticeably ill-prepared in their prevention of data breaches, even amidst the coronavirus public health predicament, where a palpable onslaught of cyberattacks targeting the healthcare sector has arisen locally and globally. The true victims of hospital data breaches in particular remain the patients, who are ultimately deprived of their constitutional right to privacy when electronic records containing their personal information become ‘free real estate’ to cybercriminals. The crux of deterrence of such cybercrime is within the principle of prevention via the utilisation of appropriate cybersecurity and information security controls at an organisational level. With the newly promulgated Protection of Personal Information Act (2013) and Cybercrimes Act (2020), greater legal scrutiny is placed upon South African hospitals to defend the privacy of patients’ data stored on their systems. As per the National Health Act (2003), hospitals have a further obligation to maintain the confidentiality of their patients’ records. This study proposes effective cybersecurity and information security practices that lend support in ensuring the confidentiality, integrity and accessibility of patients’ electronic personal information records in South African private hospitals. Compliance thereof would definitively result in enhanced service delivery and data security for these hospitals and patients alike, whilst adhering to the national legislative requirements.