
Q&A with Mr. Chinwe Okoroafor, IT Director, Green Valley Hospital (Lagos)

Q: Can you walk us through what happened when the ransomware hit your hospital?

It was early on a Wednesday morning when our staff found computers locked, with a note demanding Bitcoin payment. Our electronic medical records (EMR) and scheduling systems went offline. In our case, emergency patients had to be referred to other nearby clinics for a while. The attackers knew hospitals operate 24/7 and often feel pressured to pay the ransom quickly to restore care, so they expected we would pay to avoid disrupting patient care.

Q: What did you and your team do right away once you realized it was a ransomware attack?

First we isolated the issue. We literally pulled network cables, took affected workstations offline, and even had to take our server offline to prevent the malware from spreading further, just as recommended by cybersecurity authorities. Next, we convened our emergency response team and notified hospital leadership. We then contacted external help: we notified regulators and quickly called ClarenSec's incident response team, who came in that evening to help with forensic analysis and recovery. While they began collecting forensic logs, we focused on restoring critical systems safely. For example, instead of even considering paying the ransom, we began recovering from our backups, as we were prepared for the incident and had been planning our response to a potential incident for months.

Q: What mistakes or gaps in preparation did you discover during the response?

In hindsight, we found several issues. A server had not been patched for months, so the malware exploited an old vulnerability. Also, some of our backup files were on a drive still connected to the network, and those got encrypted too. We realized we had not properly segmented certain parts of our network. Also, a vendor machine was accessible from outside. We also had not drilled our incident plan; staff were confused about who to call and how to communicate, which cost us precious time. In short, we learned that assumptions about security can lead to dangerous blind spots.

Q: How has this experience changed your approach to IT security and incident preparedness?

We took it as a wake-up call. First, we overhauled our backup strategy: we now keep daily encrypted backups and store copies offline and offsite (in line with best practices), and we test restoring from them regularly. Second, we patched every system and improved our patching schedule so we do not fall behind again. We added network segmentation so that a breach in one segment cannot spread hospital-wide. We also tightened access controls and required stronger passwords and multi-factor authentication wherever possible. Importantly, we revamped our training: we now run quarterly phishing drills for all staff, reminding them that most breaches start with a single click. We documented clear response playbooks (even simple written flowcharts of who does what) as recommended by experts, and we are now holding regular tabletop drills to practice them. Finally, we have kept working with ClarenSec: they ran a security assessment for us after the incident and helped update our policies. All these steps are guided by a checklist of actions to make sure we do not make the same mistakes again.

Practical Advice for Other Hospitals

Q: What practical advice would you give other hospitals and clinics based on what you learned?

My advice is to be proactive. Do not wait until an attack happens. First, ensure you have reliable, tested backups stored offline; that way you can restore your systems without considering a ransom payment. Second, keep all systems and medical devices patched and up to date, and limit who can access critical data (use least-privilege accounts and segment the network). Third, train every staff member regularly. Phishing attacks are getting sophisticated, and studies show staff errors cause the vast majority of breaches. Fourth, have an incident response plan in place. Define who does what, how to communicate internally, and run tabletop exercises so everyone knows the drill. Finally, do not try to handle it entirely alone: engage outside help early if needed. Reach out to cybersecurity professionals (like ClarenSec) and report incidents to the proper authorities.

Key Takeaways for Healthcare Leaders

Mr. Okoroafor sums it up for hospital leaders: "Do not wait for a crisis before you act." Cybersecurity readiness is as vital as any medical emergency plan. By building defenses now, with strong backup routines, trained staff, and clear plans, hospitals protect patients and maintain trust. Healthcare providers in Nigeria and West Africa can turn to partners like ClarenSec for expert assessments, training, and support to strengthen their security. After all, in healthcare IT, proactive security saves lives and resources down the line.