Skip to main content

Data protection: CHISU supports Ghana Health Service IT staff cybersecurity and systems administration training

In consultation with the Ghana Health Service Information Communication and Technology Unit of the Policy Planning, Monitoring, and Evaluation Division (ICT/PPMED), CHISU engaged the information technology training institute Open Labs to conduct a three-week in-person training on cybersecurity and server administration for national-level ICT staff in January 2023. The training covered a basic understanding of cybersecurity and ethical hacking, foot-printing and reconnaissance, hacking web applications, introduction to cloud computing, and cryptography. 

The training was divided in two sessions: database administration using Postgre and Linux operating system administration. Participants were taken through key concepts of Internet networks and the types, standards, configurations, encryption and authentication protocols. The training highlighted the most recommended online safety measures. Several threats against wireless networks - including evil twin, brute force, and rogue access point threats - were also discussed. 

 

Image
Participants during workshop
Workshop participants, trainers and CHISU representatives. Photo: CHISU Ghana.

Overview of Ghana DHIMS2 

In Ghana, the District Health Information Management System (DHIMS2) collects, collates and stores health service delivery data across the country. DHIMS2 e-Trackers capture transactional and granular data, with eight  instances currently deployed in the country: National Tuberculosis Control Program (NTP), National AIDS Control Program (NACP), Early Infant Diagnosis (EID), MCH/FP, Community-based Health Planning and Services (CHPS), Malaria Outpatient Department (OPD), Functional Community-based Health Planning and Services (fCHPS), Medical Causes of Death Certificate, and COVID-19 vaccination. 

One of the known causes of server dysfunction and subsequent possible data loss in a hybrid system such as an e-Tracker (available both as an online/offline mobile and web application) is its vulnerability to malignant intrusions and hacking on the network and the server. Although DHIMS2 has inbuilt security mechanisms - such as two-factor authentication - to curtail hacking and ensure both authentication and authorization, shortfalls in network and domain administration could still make the system vulnerable.

The Ghana Health Service ICT/PPMED identified cybersecurity and data protection as a priority and sought the assistance of the USAID Country Health Information Systems and Data Use (CHISU) program to train staff in these areas.

Topics covered during the training in January included an introduction to relational databases, creating databases, tables, functions, procedures and triggers, implementing indexes and views, managing users and views, and backup and restoration. The Linux Operating System Administration session covered Linux distribution, files and folder management, working with users and permissions, scheduling and automation using CRON, shell scripting, disk management, and web hosting.

The activity contributed to the enhancement of the national-level capacity to better manage and protect the health information systems of the Ghana Health Services, including the DHIMS2 and various e-Tracker modules against external intrusions. The Head of the ICT Unit, who also took part in the training, made very positive remarks:

“I acquired excellent knowledge in cybersecurity in these three weeks of intensive training with Open Labs. Training instructors were well versed in the subject matter and had many years of experience in cybersecurity. The practical sessions made me appreciate this course's value and the need for IT security awareness among health workers. Cybersecurity is a course for all, not only IT professionals. Now I have what it takes to fully protect and manage health data against internal and external threats.”  

Another participant, Selorm Nutakor, said that the course was exciting and challenging, adding: “This is my first training in cybersecurity, and I have learned a lot. The lectures were insightful and carefully designed for practical use. I advise that we give this training more time in the future. Additionally, I recommend continuous capacity building and skills upgrades in cybersecurity or any other area for the staff of the ICT unit.”  

To sustain the gains made, CHISU is providing additional support to the Ghana Health Service to develop a cybersecurity awareness and data protection training manual for in-service training. Once developed, the manual will be used to periodically train healthcare service providers, IT and non-IT staff across the country to enhance their capacity in safeguarding health management information data or information generated during service provision, including surveillance, monitoring and evaluation data. 

Other Recent Posts

Improving health equity in Ghana with geo-enabled digital microplanning tools

In Ghana, obtaining primary care can be a challenge, with many rural communities lacking access to health facilities and services. The Ghana Health… Read more ›

Developing a blueprint for Suriname's health information exchange platform

Health care service delivery in Suriname, a small country on the northeastern coast of South America, has long been complex given the country's… Read more ›