The FCMB Heist: Insider Threats vs External Breaches
FCMB lost N677 million to an insider-enabled heist that looked nothing like the Sterling Bank data breach. Two different crimes, and the controls that catch each.
Read article
Could Nigerian Hospitals Be Next? Lessons from the Financial Sector Wave
Sterling Bank, Remita, FCMB, and the CAC have all fallen in 2026. If banks with real security programs were still breached, what about hospitals that have nothing in place? Why healthcare is the logical next target, and what hospital leaders should be doing this quarter.
Read article
The 2026 ByteToBreach Campaign: A Timeline of Nigeria's Financial Sector Breaches
ByteToBreach hit Sterling Bank, Remita and the CAC in 2026. A dated timeline of the campaign against Nigeria's financial sector, with the NDPC and CBN response.
Read article
NGX VAPT Requirements: What Listed Companies Need to Know
NGX requires Trading License Holders with online trading portals to complete VAPT at least twice per year. Learn who needs to comply, what the assessment covers, and how to prepare.
Read article
Protecting Cloud and SaaS in Healthcare
As Nigerian hospitals adopt cloud-based EMRs and SaaS platforms, new security risks emerge. A practical guide to protecting patient data in the cloud.
Read article
AI in Healthcare: Benefits, Risks and Best Practices
Artificial intelligence is transforming healthcare delivery, but it also introduces new cybersecurity and privacy risks. A practical guide to the benefits, dangers, and best practices for Nigerian hospitals.
Read article
The Rise of IoT in Nigerian Hospitals: Pros and Cons
Exploring how Internet of Things devices are transforming Nigerian hospitals, the benefits they bring to patient care, and the cybersecurity risks they introduce.
Read article
Simulated Phishing Tests: What, Why and How
Learn what simulated phishing tests are, why every hospital needs them, and how to run them ethically. A practical guide for healthcare organisations looking to strengthen their human defences.
Read article
Ward Manager Cybersecurity Responsibilities: The Missing Middle
Ward manager cybersecurity responsibilities decide whether a hospital's security policy survives contact with the floor. Why department heads make it real.
Read article
Educating Leadership: Cybersecurity for Executives.
Practical guidance for hospital executives and board members to understand cyber risk, and ask the right questions that protect patients, operations, and institutional trust...
Read article
Setting Cybersecurity Goals for 2026; Trends, Targets & Practical Steps To Protect Your Organization.
Set clear, practical cybersecurity goals for 2026; covering policy, training, vendors, and testing, to help hospitals protect patient data...
Read article
Hack Awards 2025: Healthcare Cyber Incidents & Lessons
A recap of 2025's biggest healthcare cyber incidents; global ransomware hits and African data breaches like Kenya's M-TIBA hack, and the critical lessons hospitals must learn...
Read article
Protecting Health Records: Cybersecurity and Trust in West African Hospitals
Strong cybersecurity builds patient confidence. Learn practical steps Nigerian hospitals can take to protect health records...
Read article
One Team, One Mission: Protecting Patient Data in Nigeria's Hospitals
Security isn’t just for IT: every hospital staff member has a role. From cleaners to clinicians to leadership, learn how teamwork protects patient data...
Read article
Security Assessment Checklist for Third-Party Vendors
Vet EMR & billing vendors with confidence: a clear checklist for encryption, MFA, backups, logging, audits and incident response to protect patient data...
Read article
How a Supply Chain Attack Reaches a Hospital: Five Attack Paths
How supply chain attacks work in healthcare: five attack paths that turn a trusted vendor, update, or medical device into the route into a hospital network.
Read article
Running a Vendor Risk Programme: Tiering, Contracts and Offboarding
Healthcare vendor risk management as a process: tier vendors by data access, write NDPA and National Health Act clauses into the contract, and offboard cleanly.
Read article
Joiner, Mover, Leaver: Running the EHR Account Lifecycle
EHR user account lifecycle done right: who provisions a joiner, why movers accumulate dangerous privilege, and how to deprovision a leaver the same day.
Read article
RBAC vs ABAC vs Break-the-Glass: Choosing an Access Control Model for Patient Records
RBAC vs ABAC vs break-the-glass for patient records: how each access control model decides who reads a chart, where role-based design breaks, and how to choose.
Read article
Building a Culture of Privacy
A near-miss showed one hospital that patient privacy is everyone's job. Discover how training every staff member built a culture of confidentiality and trust...
Read article
Beyond Passwords: Strong Encryption for Modern EMRs
Learn why Nigerian hospitals need more than just passwords to protect patient data. Discover how strong encryption for EMRs secures records in storage and in transit...
Read article
Privacy by Design Before You Build: Data Minimisation and the DPIA
Privacy by design for Nigerian hospitals: data minimisation, retention then deletion, and the DPIA you should complete before you procure an EHR, mapped to the NDPA.
Read article
Nigeria's Data Protection Laws: NDPA & the National Health Act
An overview of Nigeria's data protection laws, focusing on the NDPA and National Health Act, and their role in safeguarding sensitive health information...
Read article
Should a Nigerian Hospital Pay the Ransom?
Should a Nigerian hospital pay a ransomware ransom? The board-level pay or do-not-pay framework: backups, double extortion, patient safety, and NDPC duties.
Read article
Backup and Disaster Recovery for Healthcare
Learn why backups and disaster recovery are essential for hospitals to withstand cyberattacks and system failures while keeping patient services uninterrupted...
Read article
Healthcare Ransomware Playbook: A Practical Guide to Recovery
This guide walks healthcare institutions through practical ransomware defense and recovery strategies, from early detection to system restoration. Learn how to protect sensitive...
Read article
A Beginner's Guide to Preventing Malware in Hospital Systems
Malware can disrupt care and compromise patient data in African hospitals. Learn simple, strategic steps your facility can take to stay protected...
Read article
Understanding Ransomware: A Constant Threat in Healthcare.
Ransomware attacks are crippling hospitals across Nigeria and West Africa, locking critical patient data and disrupting care. Learn how these attacks happen, why healthcare is a...
Read article
So 1234 Is Your EMR Password? Don't Lose Your License.
Using weak passwords, posting patient data on WhatsApp, simple habits can lead to serious data breaches in hospitals. This post explores common EMR mistakes by doctors and ...
Read article
Beyond the Inbox: Tailgating, Pretexting and USB Drops in Hospitals
Physical social engineering in hospitals: how tailgating, pretexting and dropped USB sticks bypass every email filter, and the habits that stop them.
Read article
Business Email Compromise: When the Email Asks for a Wire Transfer
Business email compromise and CEO fraud move money in Nigeria without any malware. How the spoofed-request attack works, and the payment controls that stop it.
Read article
Spot, Stop, Report: How to Defend Your Hospital Against Phishing
Phishing attacks are a growing threat to hospitals in West Africa. This guide breaks down practical steps for staff and IT teams to spot phishing attempts, stop attacks before ...
Read article
The First 90 Days: Building Security Awareness into Staff Onboarding
Cybersecurity onboarding for new healthcare staff: a day-1 to day-90 induction plan for least-privilege access, acceptable use and data handling under the NDPA.
Read article
How to Identify a Phishing Email from Its Headers and Domain
How to identify a phishing email from its headers and domain: read the envelope sender, spot look-alike domains, and check SPF, DKIM and DMARC.
Read article
Antivirus Alone Won't Protect Your Hospital: Here's Why
Many hospitals still rely on antivirus software as their main line of defense, but cyberattacks have evolved. This blog explains why Nigerian healthcare institutions require ...
Read article
You Clicked the Link: The First 60 Minutes of Phishing Response
What to do after clicking a phishing link at work: a minute-by-minute response plan for the staff member who clicked and the helpdesk that has to contain it.
Read article
Don't Blame the Nurse: Why Insecure Workarounds Are a Tooling Problem
Why hospital staff use insecure workarounds like WhatsApp handovers, shared logins and USB transfers. The fix is rarely discipline. It is a tool that works.
Read article
Is Your Security Training Working? Measuring a Hospital's Awareness Culture
How to measure security awareness in hospitals: phishing report rates, time to report, and a quarterly scorecard tied to NDPA accountability.
Read article
Starting Your Cybersecurity Program: First Steps for Hospitals
Healthcare data is extremely valuable to attackers. Studies note that electronic patient records and protected health information (PHI) are often more lucrative than other data. Yet...
Read article
Regulations and Standards: NDPA, NHAct & Beyond
In Nigeria's hospitals, protecting patient data is not just good practice; it's a legal requirement. The Data Protection Act of 2023, and the National Health Act...
Read article
The First Hour of a Hospital Ransomware Attack: A Live-Response Timeline
The first hour of a hospital ransomware attack decides the rest. A T+0 to T+55 live-response timeline: who declares the incident, and whether to pull the network.
Read article
Learning from a Breach: Lagos Hospital Data Loss
A real-world look at how a Lagos hospital lost sensitive patient data, and the vital lessons every healthcare provider in Nigeria can learn from it.
Read article
When a Former Employee Still Has Access to Hospital Patient Records
A former employee accessing hospital patient records is the offboarding failure no one watches for. How insider risk and same-day deprovisioning work.
Read article
Partnering for Patient Privacy: Clarensec's Visit to the NDPC
On April 25, 2025, a delegation from Clarensec paid a courtesy visit to the Nigerian Data Protection Commission (NDPC) to share our vision for improving the security of health...
Read article
Why Cybersecurity Matters in Nigerian Hospitals
As Nigeria's healthcare system becomes increasingly digital, hospitals across the country are adopting Electronic Medical Records (EMRs), telemedicine platforms...
Read article
Securing healthcare in Nigeria: Protecting Patients in the Digital Age.
Explore how Nigeria's healthcare sector is becoming a prime target for cybercriminals amidst the shift to digital systems.
Read article