In the financial year ending June 2024, Kenyatta National Hospital (KNH) experienced a cybercrime incident resulting in a loss of KES 47 million.
An internal investigation led to the suspension of 11 employees implicated in the theft. KNH has since recovered Sh16 million of the stolen funds and reported the matter to the Public Service Commission (PSC) and relevant investigative agencies.
KNH Chief Executive Officer Evanson Kamuri stated, “The suspects involved in the cybercrime incident have been apprehended, and the case is currently before the courts. We are cooperating fully with the relevant investigative agencies to ensure the matter is resolved conclusively and that justice is served.”
In response to the incident, KNH has implemented measures to enhance the security of its systems and prevent future losses as promised by Dr. Kamuri.
This disclosure follows Auditor General Nancy Gathungu’s revelation last year that her office was conducting a forensic audit of KNH’s payment system. A preliminary review indicated potential fraudulent activities and fund misappropriation. The findings of this audit have yet to be made public.
KNH’s clarification comes in response to PSC’s earlier disclosure, which claimed that the hospital lost KES 517.9 million during the review period. KNH clarified that the actual loss was KES 47 million, attributing the higher figure to erroneous entries in a report.
Dr. Kamuri explained, “The KES47 million in question was mistakenly apportioned to each of the 11 individuals under investigation, resulting in the erroneous figure of KES517.9 million.” The hospital has written to the PSC to correct the reported figure.
The PSC’s report, published in mid-January, indicated that the amount of money lost through corrupt dealings across public entities increased to KES643.59 million in the year ended June 2024, up from KES605.1 million in the previous year. This figure could decrease if the PSC accepts KNH’s revision.
The PSC’s evaluation typically excludes public officers serving under other service commissions, such as the National Police Service Commission, Teachers Service Commission, Judicial Service Commission, Parliamentary Service Commission, and County Public Services.
This incident underscores the critical importance of robust cybersecurity measures within public institutions. As cyber threats become increasingly sophisticated, organizations must proactively strengthen their systems to safeguard against potential breaches. Regular audits, employee training, and the implementation of advanced security protocols are essential steps in mitigating the risk of cybercrime.
