As the country grapples with cyberattacks, the Health and Social Services Ministry's dashboard, specifically the Pharmaceutical Management Information System, was compromised, revealing the names and email addresses of the primary users.
However, Ben Nangombe, the Executive Director of the Health Ministry, stated that it is unclear whether the entire data set was copied by the hackers or not.
Nangombe clarified that the dashboard does not contain personal patient records but tracks the number of patients accessing services and performance indicators.
It visualises data on medicine stock levels and patient enrolment for specific services at both the facility and national levels.
Despite the breach, the dashboard remained operational until the server was manually shut down by the ministry, allowing continued access to the data.
The server was taken offline to prevent further damage and limit the risk of additional breaches.
"The dashboard will be deployed in a new environment with updated security patches, and all user login credentials will be reset. Only essential users will be registered, and the dashboard will be hosted within the Ministry's internal network, restricting Internet access. Strict password policies will be enforced to minimise the risk of compromise. Further actions include ongoing investigations to gain deeper insights into the breach, addressing server and network vulnerabilities, and reviewing and enhancing security policies to protect sensitive data across the Ministry."
The Executive Director in the Office of the Prime Minister, I-Ben Nashandi, says while investigations are ongoing to determine the full extent of the attack, the office regularly updates its cybersecurity frameworks and protocols, with the latest one conducted in September.
These updates include third-party testing of vulnerable systems to mitigate the likelihood of similar incidents in the future.
Contrary to media reports, he also clarified that the breach from government institutions only affected the Health Ministry's data.
Although Namibia's Data Protection Act, which could impose significant fines for data breaches, has not yet been enforced, Telecom Namibia's CEO, Stanley Shanapinda, stated that the company is prepared to address any customer concerns and any actions it may wish to take.
The Chief Executive Officer of the Communications Regulatory Authority, Emilia Nghikembua, advised everyone to play their part in preventing cyberattacks, adding that institutions in need of help may also reach out.