Cyberattacks on the healthcare sector: A global threat that cannot be ignored

According to a 2021 global survey, more than a third of responding healthcare organizations reported at least one ransomware attack in the previous year, and a third of those reported paying a ransom.

A ransomware attack is a form of cyberattack in which a malicious actor “takes over” or “locks” files on a single computer or an entire network, demanding payment in exchange for access.

Attacks have grown in scale and complexity over the years, with costs now reaching tens of billions of dollars each year.

Friday’s meeting of Security Council called upon by France, Japan, Malta, South Korea, Slovenia, the United Kingdom (November President) and the United States.

A matter of life and death

Meet the ambassador, Tedros Adhanom Ghebreyesus, WHO The Director-General emphasized the severe impact of cyber attacks on hospitals and healthcare services, and called for collective and urgent global action to address the growing crisis This.

“Ransomware and other cyber attacks on hospitals and other medical facilities is not only a matter of security and confidentiality but can also be a matter of life and deathhe said.

“At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health system on which people dependeven causing harm and death to patients.”

The digital transformation of healthcare, combined with high-value health data, has made the sector a prime target for cybercriminals, Tedros continued. , citing examples of the 2020 ransomware attack on Brno University Hospital in the Czech Republic and the Irish Department of Health breach in May 2021. Services Employees (HSE).

Cyber ​​attacks also extend beyond hospitals to disrupt the broader biomedical supply chain.

During the pandemic, vulnerabilities have been exposed in manufacturing companies COVID-19 vaccine, clinical and laboratory testing software provider.

Tedros highlighted the worrying fact that, even if the ransom is paid, access to encrypted data is not guaranteed.

Tedros Adhanom Ghebreyesus, Director-General of WHO, summarizes the Security Council meeting on the threats posed by ransomware to hospitals and health services.

United Nations response

In response, WHO and other UN agencies are actively working to support countries, providing technical assistance, standards and guidance to strengthen infrastructure resilience. medical floor before attacks.

In January, WHO published two important reports in collaboration with INTERPOL and the United Nations Office on Drugs and Crime (UNODC) to strengthen cybersecurity and combat misinformation.

The UN health agency is also preparing new guidance on cybersecurity and digital privacy, expected next year.

Tedros emphasized the importance of a comprehensive approach, calling on countries to invest not only in advanced technology to detect and mitigate cyber attacks but also to train and equip personnel to respond to them. such incidents.

“People are both the weakest and strongest link in cybersecurity…it is humans who cause ransomware attacks, and it is humans who can stop them.”

International cooperation is needed

He concluded with a call for international cooperation, calling on the Security Council to use its mandate to strengthen global cybersecurity and ensure accountability.

“Just as viruses know no borders, neither do cyber attacks. Therefore, international cooperation is necessary,he said.

He urged Security Council members: “Just as you have used your powers to pass resolutions and decisions on physical security issues, so we ask you to consider Use that authority to strengthen global cybersecurity and accountability.”

Eduardo Conrad, President of Ascension, briefed the Security Council on the impact of ransomware attacks on hospitals operated by the organization.

The real world is chaotic

Eduardo Conrado, President of Ascension Healthcare, a US-based nonprofit healthcare provider, shared first-hand insights into the harsh realities of ransomware attacks.

He detailed the May 2024 cyberattack on Ascension, which severely disrupted operations at 120 hospitals.

The attack encrypted thousands of computer systems, rendering electronic health records inaccessible and affecting critical diagnostic services, including magnetic resonance imaging (MRI) and CT scans computer (CT).

Mr. Conrado illustrates the practical challenges that arise: “Nurses cannot look up patient records from their computer stations and were forced to look through paper backups…the imaging team could not quickly send the latest scans to the surgeons waiting in the operating room, and we had to rely on the athletes to get printouts of the scans into the hands of our surgical team.”

These disruptions not only delay care, he said, but also increase risks to patients and place a particular burden on healthcare workers who are already facing high stress.

Restoring operations took 37 days, during which the backlog grew to levels equivalent to sky-high, he said, adding that financially, Ascension spent about $130 million to responded to the attack and lost approximately $0.9 billion in operating revenue to date. end of fiscal year 2024.

Overview of the Security Council meeting on ransomware attacks on hospitals and healthcare facilities.

council discussion

Ambassadors to the Security Council expressed growing concern about the impact of these cyber attacks on health care facilities and services, especially in developing countries that lack the capacity to full response force.

Anne Neuberger, US national security policy coordinator for cyber and emerging technologieshighlighted the scale of ransomware threats in the healthcare sector, citing more than 1,500 incidents in her country alone in 2023, with payouts reaching $1.1 billion.

She warned that attacks will continue and perpetrators will thrive “as long as ransoms are paid and criminals can evade capture, especially by fleeing across borders.”

She said the international community can come together to destroy the scourge by acting together, adhering to a common set of principles, refusing to pay off criminal gangs and helping each other catch cyber criminals , who think they can bypass our system.

Ambassador Jay Dharmadhikari, Alternate Representative of Francealso highlighted the increase in ransomware attacks in his country as he called for compliance with international standards and called on countries to prevent the use of their territories for malicious cyber activities .

“Meetings like the one we are having today, allow [Security] Council to keep pace with the changing cyber threat landscape. France is ready to continue its efforts to increase understanding within this Council on cyber challenges,” he said.

She also stated that some countries, notably Russia, continue to allow ransomware actors to operate from their territories with impunity, calling on countries not to follow her practices in protect international cybercrime and instead act responsibly in cyberspace to maintain international peace and security.

Russian Ambassador Vassily Nebenzia said his country also regularly suffers from cyber attacks on the healthcare sector, emphasizing the country’s long-standing commitment to information and communications technology (ICT) security.

He questioned the rationale behind including ransomware attacks on the agenda of the current Security Council meeting, as there are other discussions taking place on the topic of cybersecurity, such as such as the Convention against Cybercrime.

Calling for the Convention to enter into force quickly, he also called on Council members to consider adopting additional protocols, including for the protection of critical infrastructure, including care facilities health from using IT for bad purposes.

He said discussions regarding Russian hackers allegedly being involved in some of the attacks are “something that seems to have become anecdotal because any sensible person can dismiss this.” .

Ambassador and Deputy Permanent Representative Canh Shuang of China emphasized the need for comprehensive, globally cooperative strategies to address ransomware and broader cyber threats, while noting the “complex and diverse” cybersecurity challenges facing China. The country is facing.

He stated that cyberattacks, cybercrime and cyberterrorism, including ransomware, are increasingly becoming a global threat and that the issue of ransomware is highly specialized and technical.

He said China does not support the “hasty push” of Security Council members to put the issue on the agenda and hopes that all parties can participate in the discussions. more in-depth, practical and insightful at a more appropriate forum.