Cyberattacks on healthcare: A global threat that can’t be ignored
By UN News/Vibhu Mishra
An alarming surge in ransomware attacks is putting the world’s healthcare infrastructure at critical risk, endangering patient safety and destabilising health systems, the head of the UN World Health Organization (WHO) warned on Friday, as the Security Council convened to discuss strategies to counter the growing threat.
According to a 2021 global survey, more than one-third of responding health institutions reported at least one ransomware attack in the preceding year, and a third of those reported paying a ransom.
Ransomware attacks are a form of cyberattack in which a malicious actor “takes over” or “locks” files on a single computer or an entire network and demands payment in return for access.
The attacks have grown in scale and sophistication over the years, with the price tag now in the tens of billions each year.
Friday’s meeting of the Security Council was called for by France, Japan, Malta, the Republic of Korea, Slovenia, the United Kingdom (President for November) and the United States.
Issue of life and death
Briefing ambassadors, Tedros Adhanom Ghebreyesus, WHO Director-General, emphasised the severe impact of cyberattacks on hospitals and healthcare services, calling for urgent and collective global action to address this growing crisis.
“Ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality, they can be issues of life and death,” he said.
“At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death.”
The digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals, Tedros continued, citing examples of the 2020 ransomware attack on Brno University Hospital in Czechia and a May 2021 breach of the Irish Health Service Executive (HSE).
Cyberattacks also extended beyond hospitals to disrupt the broader biomedical supply chain.
During the pandemic, vulnerabilities were exposed in companies manufacturing COVID-19 vaccines, clinical trial software vendors, and laboratories.
Tedros highlighted the concerning reality that, even when ransoms are paid, access to encrypted data is not guaranteed.
UN response
In response, the WHO and other UN bodies are actively working to support nations, providing technical assistance, norms and guidelines to bolster the resilience of health infrastructure against attack.
In January, WHO published two key reports in collaboration with INTERPOL and the UN Office on Drugs and Crime (UNODC) to strengthen cybersecurity and counter disinformation.
The UN health agency is also preparing new guidance on cybersecurity and digital privacy, expected next year.
Tedros underscored the importance of a comprehensive approach, calling on countries to invest not only in advanced technologies for detecting and mitigating cyberattacks but also in training and equipping staff to respond to such incidents.
“Humans are both the weakest and strongest links in cybersecurity…it is humans who perpetrate ransomware attacks, and it is humans who can stop them.”
International cooperation essential
He concluded with a call for international cooperation, urging the Security Council to use its mandate to strengthen global cybersecurity and ensure accountability.
“Just as viruses don’t respect borders, nor do cyberattacks. International cooperation is therefore essential,” he said.
“Just as you have used your mandate to adopt resolutions and decisions on matters of physical security, so we ask you to consider using that same mandate to strengthen global cybersecurity, and accountability,” he urged Security Council members.
Real world turmoil
Eduardo Conrado, President of Ascension Healthcare, a US-based non-profit healthcare provider, shared firsthand insights into the harsh realities of ransomware attacks.
He detailed the May 2024 cyberattack on Ascension, which severely disrupted operations across its 120 hospitals.
The attack encrypted thousands of computer systems, rendering electronic health records inaccessible and affecting key diagnostic services, including magnetic resonance imaging (MRIs) and computed tomography (CT) scans.
Mr. Conrado illustrated the practical challenges that arose: “nurses were unable to look up patient records from their computer stations and were forced to comb through paper back-ups…imaging teams were unable to quickly send the latest scans up to surgeons waiting in the operating rooms, and we had to rely on runners to deliver printed copies of the scans to the hands of our surgery teams.”
These disruptions not only delayed care but increased patient risk and placed an extraordinary burden on medical staff already contending with high-stress conditions, he said.
Restoring operations took 37 days, during which the backlog of paper records grew to a towering mile-high equivalent, he said, adding that financially, Ascension spent about $130 million on its response to the attack and lost approximately $0.9 billion in operating revenue as of the end of fiscal year 2024.