According to a 2021 global survey, more than a third of responding healthcare institutions reported at least one ransomware attack in the previous year, and a third of them reported paying a ransom.
Ransomware attacks are a form of cyberattacks in which a malicious actor “takes control” or “locks” files on a single computer or an entire network, demanding payment in exchange for access.
Attacks have increased in scale and sophistication over the years, with a price tag now running into tens of billions each year.
Friday's Security Council meeting was convened by France, Japan, Malta, the Republic of Korea, Slovenia, the United Kingdom (president in November) and the United States.
Matter of life or death.
Information ambassadors, Tedros Adhanom Ghebreyesus, Director-General of the WHO, emphasized the serious impact of cyberattacks on hospitals and health services, and called for urgent and collective global action to address this growing crisis.
“Ransomware and other cyber attacks on hospitals and other healthcare facilities These are not just issues of security and confidentiality, they can be issues of life and death.“, said.
“At best, these attacks cause disruption and financial loss. At worst, undermine confidence in the health systems that people depend onand even cause harm and death to the patient.”
The digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals, Tedros continued, citing examples of the 2020 ransomware attack on Brno University Hospital in Czechia and a May 2021 breach of the Irish Health Service. Service Executive (HSE).
Cyberattacks also spread beyond hospitals and disrupted the broader biomedical supply chain.
During the pandemic, vulnerabilities were exposed in companies that manufacture COVID-19 vaccines, clinical trial software providers, and laboratories.
Tedros highlighted the worrying reality that even when ransoms are paid, access to encrypted data is not guaranteed.
Tedros Adhanom Ghebreyesus, Director-General of the WHO, briefs the Security Council meeting on the threats posed by ransomware to hospitals and health services.
UN response
In response, WHO and other UN agencies are actively working to support nations, providing technical assistance, standards and guidelines to strengthen the resilience of health infrastructure against attacks.
In January, WHO published two key reports in collaboration with INTERPOL and the United Nations Office on Drugs and Crime (UNODC) to strengthen cybersecurity and combat disinformation.
The UN health agency is also preparing new guidance on cybersecurity and digital privacy, due next year.
Tedros stressed the importance of a comprehensive approach and called on countries to invest not only in advanced technologies to detect and mitigate cyber attacks, but also in training and equipping personnel to respond to such incidents.
“Humans are the weakest and strongest link in cybersecurity…it is humans who perpetrate ransomware attacks, and it is humans who can stop them.”
International cooperation is essential
He concluded with a call for international cooperation, urging the Security Council to use its mandate to strengthen global cybersecurity and ensure accountability.
“Just as viruses do not respect borders, neither do cyberattacks. Therefore, international cooperation is essential,” said.
“Just as you have used your mandate to adopt resolutions and decisions on physical security issues, we ask you to consider using that same mandate to strengthen global cybersecurity and accountability,” he urged Security Council members.
Eduardo Conrad, president of Ascension, briefs the Security Council on the impacts of ransomware attacks on hospitals managed by the organization.
Confusion in the real world
Eduardo Conrado, president of Ascension Healthcare, a US-based nonprofit healthcare provider, shared first-hand information about the harsh reality of ransomware attacks.
He detailed the May 2024 cyberattack on Ascension, which severely disrupted operations at its 120 hospitals.
The attack encrypted thousands of computer systems, making electronic medical records inaccessible and affecting key diagnostic services, including magnetic resonance imaging (MRI) and computed tomography (CT) scans.
Mr. Conrado illustrated the practical challenges that arose: “nurses could not search patient records from their computer stations and were forced to review paper backups…imaging teams were unable to quickly send the latest scans to the surgeons waiting in the operating rooms, and We had to rely on brokers to deliver hard copies of scans into the hands of our surgical teams..”
These disruptions not only delayed care but increased patient risk and placed an extraordinary burden on medical staff already facing high-stress conditions, he said.
Restoring operations took 37 days, during which the backlog of paper records grew to the equivalent of a mile high, he said, adding that financially, Ascension spent about $130 million on its response to the attack and lost about $900. million dollars in operating income so far. at the end of fiscal year 2024.
A broad view of the Security Council meeting on ransomware attacks against hospitals and healthcare facilities.
Council discussions
Ambassadors at the Security Council expressed growing concern about the impact of these cyber attacks on health facilities and services, especially in developing countries that lack adequate capacity to respond.
Anne Neuberger, U.S. National Security Policy Coordinator on Cyber and Emerging Technologiesemphasized the scale of ransomware threats in the healthcare sector, citing more than 1,500 incidents in its country in 2023 alone, amounting to $1.1 billion in payments.
He warned that attacks will continue and perpetrators will prosper “as long as ransoms are paid and criminals are able to evade capture, particularly by fleeing across borders.”
He said the international community can collectively eradicate the scourge by acting together, upholding a set of shared principles, refusing to pay criminal gangs and helping each other stop cybercriminals who believe they can overcome our system.
Ambassador Jay Dharmadhikari, Alternate Representative of FranceHe also highlighted the growth of ransomware attacks in his country, while calling for compliance with international standards and urging States to prevent the use of their territories for malicious cyber activities.
“Meetings like the one we are having today allow the [Security] Tip to stay on top of the changing cyber threat landscape. “France is willing to continue working to improve the understanding in this Council of cyber challenges,” he stated.
He also stated that some States, particularly Russia, continue to allow ransomware actors to operate from their territory with impunity, urging nations not to continue their practice of protecting international cybercriminals and instead act responsibly in the cyberspace to defend international peace and security.
Russian Ambassador Vassily Nebenzia said his country is also frequently targeted by cyberattacks on healthcare, emphasizing its long-standing commitment to information and communications technology (ICT) security.
He questioned the rationale behind including ransomware attacks on the agenda of the current Security Council meeting, given that there are other ongoing discussions on the topic of cybersecurity, such as the Cybercrime Convention.
Calling for the rapid entry into force of the Convention, he also urged Council members to consider adopting additional protocols, including the protection of critical infrastructure, including healthcare facilities, against malicious use of ICT.
He said discussions about Russian hackers allegedly involved in some attacks were “something that now seems to have become an anecdote because any sensible person could just dismiss this.”
Ambassador and Deputy Permanent Representative Geng Shuang of China emphasized the need for comprehensive strategies and global cooperation to address ransomware and broader cyber threats, noting the “complex and diverse” cybersecurity challenges facing China.
He stated that cyberattacks, cybercrime and cyberterrorism, including ransomware, are increasingly becoming global threats and that the issue of ransomware is highly specialized and technical.
He said China was not in favor of the “hasty push” by those Security Council members who had put the issue on the agenda and hoped that all parties could engage in a more specialized, practical and in-depth discussion in a more appropriate forum.
