A global survey conducted in 2021 revealed that over one-third of health institutions surveyed experienced at least one ransomware attack in the previous year, with a third of those institutions admitting to paying a ransom. Ransomware attacks represent a type of cyber intrusion where a malicious entity either seizes or encrypts files on an individual computer or across an entire network, demanding payment for restoration of access. The scale and complexity of these attacks have escalated significantly over the years, with financial losses now amounting to tens of billions annually.
A meeting of the Security Council was convened on Friday at the request of France, Japan, Malta, the Republic of Korea, Slovenia, the United Kingdom (which holds the presidency for November), and the United States. During the briefing for ambassadors, Tedros Adhanom Ghebreyesus, the Director-General of the World Health Organization, underscored the profound effects of cyberattacks on hospitals and healthcare services, urging immediate and collaborative global efforts to tackle this escalating crisis.
He stated, “Ransomware and other cyberattacks on hospitals and other health facilities are not merely security and confidentiality concerns; they can have life-and-death implications.” He further noted that while such attacks can lead to disruptions and financial losses, they can also erode public trust in essential health systems and potentially result in patient harm or fatalities.
Tedros pointed out that the digital transformation of healthcare, coupled with the significant value of health data, has rendered the sector particularly vulnerable to cybercriminals. He referenced incidents such as the 2020 ransomware attack on Brno University Hospital in Czechia and the May 2021 breach of the Irish Health Service Executive (HSE) as examples. Moreover, the impact of cyberattacks extends beyond hospitals, affecting the wider biomedical supply chain. The pandemic has revealed vulnerabilities in companies involved in the production of COVID-19 vaccines, clinical trial software providers, and laboratories.
Tedros also warned that even when ransoms are paid, there is no assurance of regaining access to encrypted data.
UN response
In response, the World Health Organization (WHO) and various United Nations entities are diligently engaged in assisting countries by offering technical support, establishing norms, and providing guidelines aimed at enhancing the resilience of health infrastructure against potential attacks.
In January, the WHO released two significant reports in partnership with INTERPOL and the UN Office on Drugs and Crime (UNODC) to fortify cybersecurity measures and combat disinformation.
Additionally, the UN health agency is in the process of developing new guidance on cybersecurity and digital privacy, which is anticipated to be released next year.
Tedros emphasized the necessity of a holistic approach, urging nations to allocate resources not only towards advanced technologies for the detection and mitigation of cyber threats but also towards the training and preparation of personnel to effectively respond to such challenges.
“Humans represent both the most vulnerable and the most resilient elements in cybersecurity; it is individuals who initiate ransomware attacks, and it is individuals who possess the capability to thwart them.”
International cooperation essential
He ended his remarks by emphasizing the necessity of international collaboration, appealing to the Security Council to leverage its authority to enhance global cybersecurity and promote accountability.
“Cyberattacks, like viruses, do not recognize national boundaries; thus, international cooperation is crucial,” he stated.
“Just as you have exercised your mandate to pass resolutions and make decisions regarding physical security, we implore you to contemplate utilizing that same authority to bolster global cybersecurity and ensure accountability,” he urged the members of the Security Council.
Real world turmoil
Eduardo Conrado, the President of Ascension Healthcare, a non-profit healthcare organization based in the United States, provided valuable insights into the severe impacts of ransomware attacks. He recounted the cyberattack that occurred in May 2024, which significantly disrupted operations across the organization’s 120 hospitals. This incident resulted in the encryption of thousands of computer systems, making electronic health records inaccessible and hindering essential diagnostic services such as magnetic resonance imaging (MRIs) and computed tomography (CT) scans.
Mr. Conrado highlighted the practical difficulties that emerged from this situation: “nurses were unable to access patient records from their computer stations and had to search through paper backups… imaging teams could not promptly send the latest scans to surgeons waiting in the operating rooms, necessitating the use of runners to deliver printed copies of the scans to our surgical teams.”
These interruptions not only delayed patient care but also heightened risks for patients and imposed an immense strain on medical personnel already facing high-stress environments. He noted that the restoration of operations took 37 days, during which the accumulated paper records would have stood a mile high. Financially, Ascension incurred approximately $130 million in costs responding to the attack and lost around $0.9 billion in operating revenue by the end of fiscal year 2024.
Council discussions
Ambassadors on the Security Council have voiced increasing alarm regarding the repercussions of cyberattacks on healthcare facilities and services, particularly in developing nations that are ill-equipped to address such threats. Anne Neuberger, the coordinator for the United States’ national security policy concerning cyber and emerging technologies, highlighted the magnitude of ransomware threats within the healthcare sector, reporting over 1,500 incidents in her country in 2023 alone, which resulted in payments totaling $1.1 billion.
She cautioned that these attacks are likely to persist, and that offenders will continue to prosper, “as long as ransoms are being paid and criminals can evade capture, particularly by fleeing across borders.” Neuberger asserted that the international community has the potential to eliminate this menace by collaborating, adhering to a common set of principles, refusing to pay criminal organizations, and assisting one another in apprehending cybercriminals who believe they can outsmart the system. Furthermore, she noted that certain states, particularly Russia, permit ransomware actors to operate from their territories without consequence, urging other nations to refrain from adopting such practices that protect international cybercriminals and instead to act responsibly in cyberspace to maintain international peace and security.