Lessons from a Ransomware Attack

A Lagos hospital shares how they survived a ransomware attack; practical lessons every healthcare leader in Nigeria can use to stay prepared.

Nigeria's hospitals are increasingly going digital, but that makes them targets for cybercriminals. Patient records hold sensitive personal and financial data that can be “worth more than credit cards” on the dark web. Attacks on health facilities are growing: INTERPOL reports that over half of African nations saw cyberattacks on critical infrastructure in 2024, and cybersecurity experts note that healthcare is now “a juicy target” in Nigeria's rising cybercrime landscape. In this interview, we speak with Mr. Chinwe Okoroafor, IT Director at Green Valley Hospital, Lagos, about a recent ransomware attack on the hospital: what happened, how the team responded, and the lessons learned for other healthcare leaders.

Q&A with Mr. Chinwe Okoroafor, IT Director, Green Valley Hospital (Lagos)

Q: Can you walk us through what happened when the ransomware hit your hospital?
A: It was early on a Wednesday morning when our staff found computers locked, with a note demanding Bitcoin payment. Our electronic medical records (EMR) and scheduling systems went offline. In our case, emergency patients had to be referred to other nearby clinics for a while. The attackers knew hospitals operate 24/7 and often feel pressured to pay the ransom quickly to restore care, so they expected we'd pay to avoid disrupting patient care.

Q: What did you and your team do right away once you realized it was a ransomware attack?
A: First we isolated the issue. We literally pulled network cables, took affected workstations offline, and even had to take our server offline to prevent the malware from spreading further, just as recommended by cybersecurity authorities. Next, we convened our emergency response team and notified hospital leadership. We then contacted external help: we notified regulators and quickly called ClarenSec's incident response team, who came in that evening to help with forensic analysis and recovery. While they began collecting forensic logs, we focused on restoring critical systems safely. For example, instead of even considering paying the ransom, we began recovering from our backups, as we were prepared for the incident and had been planning our response to a potential incident for months.

Q: What mistakes or gaps in preparation did you discover during the response?
A: In hindsight, we found several issues. A server hadn't been patched for months, so the malware exploited an old vulnerability. Also, some of our backup files were on a drive still connected to the network, and those got encrypted too. We realized we hadn't properly segmented certain parts of our network. Also, a vendor machine was accessible from outside. We also hadn't drilled our incident plan; staff were confused about who to call and how to communicate, which cost us precious time. In short, we learned that assumptions about security can lead to dangerous blind spots.

Q: How has this experience changed your approach to IT security and incident preparedness?
A: We took it as a wake-up call. First, we overhauled our backup strategy: we now keep daily encrypted backups and store copies offline/offsite (in line with best practices), and we test restoring from them regularly. Second, we patched every system and improved our patching schedule so we don't fall behind again. We added network segmentation so that a breach in one segment can't spread hospital-wide. We also tightened access controls and required stronger passwords and multi-factor authentication wherever possible. Importantly, we revamped our training: we now run quarterly phishing drills for all staff, reminding them that most breaches start with a single click. We documented clear response playbooks (even simple written flowcharts of who does what) as recommended by experts, and we're now holding regular tabletop drills to practice them. Finally, we've kept working with ClarenSec: they ran a security assessment for us after the incident and helped update our policies. All these steps are guided by a checklist of actions to make sure we don't make the same mistakes again.

Q: What practical advice would you give other hospitals and clinics based on what you learned?
A: My advice is to be proactive. Don't wait until an attack happens. First, ensure you have reliable, tested backups stored offline; that way you can restore your systems without considering a ransom payment.
Second, keep all systems and medical devices patched and up to date, and limit who can access critical data (use least-privilege accounts and segment the network).
Third, train every staff member regularly - phishing attacks are getting sophisticated, and studies show staff errors cause the vast majority of breaches.
Fourth, have an incident response plan in place. Define who does what, how to communicate internally, and run tabletop exercises so everyone knows the drill.
Finally, don't try to handle it entirely alone: engage outside help early if needed. Reach out to cybersecurity professionals (like ClarenSec) and report incidents to the proper authorities.

Key Takeaways for Healthcare Leaders

  • Maintain regular, tested backups of all critical data. Store at least one copy offline or offsite so you can recover systems without paying attackers.
  • Keep software and medical devices fully patched and limit user permissions. Isolate and segment networks to prevent malware from spreading across the facility.
  • Train and test staff frequently. Teach every clinician and clerk to recognize phishing emails and suspicious activity, since human error is a leading cause of breaches.
  • Document and practice your incident response plan. Define clear roles and communication steps, and run drills so the whole team acts quickly and confidently if an attack occurs.
  • Work with experts and authorities. Don't battle ransomware alone; involve a trusted security firm or government response team early, and follow their guidance instead of paying a ransom.

Mr. Okoroafor sums it up for hospital leaders: “don't wait for a crisis before you act”. Cybersecurity readiness is as vital as any medical emergency plan. By building defenses now, with strong backup routines, trained staff, and clear plans, hospitals protect patients and maintain trust. Healthcare providers in Nigeria and West Africa can turn to partners like ClarenSec for expert assessments, training, and support to strengthen their security. After all, in healthcare IT security, proactive security saves lives and resources down the line.
