News

The management of the Komfo Anokye Teaching Hospital (KATH) in Kumasi has expressed concern about the rising cyber threats in Ghana’s health sector as it opened the 2025 Cybersecurity Awareness Week.

Held in collaboration with the CSA, the event that formed part of NCSAM 2025 brought together participants from healthcare institutions, government agencies, academia, law enforcement agencies and the cybersecurity community.

Delivering his opening remarks, the Chief Executive Officer of the KATH, Dr Paa Kwesi Baidoo, said the rapid digital transformation sweeping through hospitals had created new vulnerabilities that could not be underestimated. Citing the global surge in ransomware attacks documented in the Phonimore Report 2023, he cautioned that the accelerated shift to digital systems during COVID-19 left many health facilities exposed. “Protecting patient information is an ethical obligation as much as a professional one,” he said, as he outlined steps taken by KATH, including cloud-based security frameworks, regular audits and staff training to strengthen resilience and uninterrupted care.

Representing the hospital’s board, Professor Eric Addison said breaches of patient data should be considered ethical failures, not technical accidents. He emphasised that KATH’s designation as a CII under the Cybersecurity Act 2020 (Act 1038), added responsibility on the hospital to maintain high cybersecurity standards. He encouraged the sector to prepare for a future where AI-powered tools become central to healthcare security.

Delivering remarks on behalf of the Ashanti Regional Minister, Mr Twum Samuel Nkansah, said cyberattacks on hospitals were now a direct threat to public safety, noting that delays caused by digital disruptions could jeopardise surgeries, medication management and emergency response. He stressed that cybersecurity must be embraced by all staff, not only IT units, and pledged regional support for efforts to secure patient data.

In his keynote address, the acting Director General of the CSA, Mr Divine Selase Agbeti, placed Ghana’s health sector risks within global and national trends. He noted that while digital platforms have improved care delivery, they have also exposed hospitals to ransomware, phishing and credential theft. He referenced the Data Protection Act and the Cybersecurity Act as the backbone of national resilience and announced progress towards establishing a Health Sector Computer Emergency Response Team and a new Risk Assessment Framework.

Mr Agbeti highlighted the human factor as the leading cause of breaches, stressing the need for continuous training and transparency in reporting incidents.

A panel of experts from the CSA, the Ghana Police Service, academia, the Ghana Health Service and the legal fraternity reinforced the call for stronger systems. Speakers warned that weak networks, outdated software and unreported cyber incidents increased national security risks stressing the need for healthcare facilities to design systems with built-in security, invest in modern IT infrastructure, adopt clear policies on staff access and roll out routine cybersecurity training. The ethical and human cost of data breaches was also highlighted, particularly for patients with sensitive conditions.