A threat actor known as gesss is claiming to have breached the South African Department of Health (NDOH) Permits platform, hosted at https://ndoh.permits.e2.co.za.
In the post, the actor refers to a “global error system” used to hack health systems in Africa, stating that the breach affects the “health section” of an African country, with a direct link to the NDOH Permits platform dashboard exposed in the post.
The actor encouraged forum members to visit the exposed links, claiming that if they are no longer accessible, it means they have since been patched by cybersecurity teams.
At this stage, no full data dump has been shared — but the attacker’s post suggests that at minimum, unauthorized access was obtained to the health permits platform, and potentially to its backend databases.
The NDOH Permits system was used in South Africa for managing travel permits and exemptions during COVID-19 — and depending on whether it remained in use post-pandemic, it may still store personal and sensitive data.