DURBAN’S Ahmed Al-Kadi Private Hospital has confirmed a ransomware breach after attackers gained access to its computer systems and locked parts of its network.
The incident, which occurred on April 18, was only disclosed this week when patients were notified via text messages.
“Dear Valued Patient. We are writing to inform you of a recent data incident involving Ahmed Alkadi Private Hospital. All reasonable steps have been taken to contain your personal information. Further details are available on our website…Patient care has not been impacted, and we continue to provide quality healthcare services at our hospital.”
On its website, the hospital says external cybersecurity specialists were brought in immediately after the intrusion was detected. Their role, it said, was to contain the breach, investigate the extent of access, restore affected systems and assess whether any personal information was compromised.
"Our investigations confirmed that an unauthorised third party gained access to our IT environment and deployed ransomware, which encrypted a portion of our environment."
The hospital has also reported the matter to the Information Regulator, as required under POPIA, and says it will co-operate with authorities as investigations continue.
Patients were urged to be cautious and warned of possible phishing attempts, impersonation and fraud linked to the incident. The hospital also advised patients not to share banking or personal information and to report any suspicious contact immediately.
“Please exercise caution in relation to any requests for banking information or other personal information,” the hospital said, adding that patient care had not been disrupted and services continued as normal.
So far Ahmed Al-Kadi Private Hospital has not confirmed whether any personal or medical information was accessed or removed from its systems. It says investigations are continuing to determine the full scope of the incident.
The latest breach forms part of a wider pattern of cyberattacks targeting South African institutions that hold large volumes of sensitive personal data, including health, financial and government records.
Between April 2025 and March 2026, the Information Regulator received 3 219 data breach notifications, of which 1 858 were linked to the financial services sector.
According to the regulator, most incidents were driven by human error or internal system failures rather than external cyberattacks. It classified 2 677 notifications as “non-cyber compromises”, including procedural mistakes and organisational weaknesses, while 250 involved malicious cyber activity.
The figures point to repeated exposure across both public and private systems, where sensitive data is stored and processed daily.
However, cyber experts say the issue is systemic, and that both cyberattacks and human error are to blame for the ongoing data breaches and ransomware attacks.
Chris Norton from cybersecurity company Kaspersky previously said that attacks on major institutions are not isolated events.
“They reflect a broader shift towards credential theft, weakly protected cloud access, phishing, and the reuse of compromised data at scale.”
Industry experts say attackers are increasingly targeting institutions holding large volumes of personal and national data, and they warn that methods are evolving, with phishing, ransomware and impersonation scams becoming more convincing and harder to detect.
Stolen login credentials are also increasingly used to gain access to systems, often without immediate detection.
Previous incidents have affected institutions including Statistics South Africa, the South African Weather Service, the Department of Home Affairs, the Department of Justice and Constitutional Development, the Companies and Intellectual Property Commission, as well as major banks and insurers.
In some cases, services were disrupted to the point where citizens were unable to access records or complete basic administrative processes.
Experts say the challenge for organisations is no longer only preventing attacks, but detecting and containing them quickly once they occur, before systems are more widely affected.
For now, Ahmed Al-Kadi Private Hospital says it continues to monitor the situation closely and has urged patients to remain alert to suspicious communication while investigations continue.