An alarming surge in ransomware attacks is putting the world's healthcare infrastructure at critical risk, endangering patient safety and destabilising health systems, the head of the UN World Health Organization (WHO) warned on Friday, as the Security Council convened to discuss strategies to counter the growing threat.
According to a 2021 global survey, more than one-third of responding health institutions reported at least one ransomware attack in the preceding year, and a third among them reported paying a ransom.
Ransomware attacks are a form of cyberattacks, in which a malicious actor "takes over" or "locks" files on a single computer or an entire network, demanding payment in return for access.
The attacks have grown in scale and sophistication over the years, with the price tag now in the tens of billions each year.
Friday's meeting of the Security Council was called for by France, Japan, Malta, the Republic of Korea, Slovenia, the United Kingdom (President for November) and the United States.
Issue of life and death
Briefing ambassadors, Tedros Adhanom Ghebreyesus, WHO Director-General, emphasised the severe impact of cyberattacks on hospitals and healthcare services, calling for urgent and collective global action to address this growing crisis.
"Ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality, they can be issues of life and death," he said.
"At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death."
The digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals, Tedros continued, citing examples of the 2020 ransomware attack on Brno University Hospital in Czechia and a May 2021 breach of the Irish Health Service Executive (HSE).
Cyberattacks also extended beyond hospitals to disrupt the broader biomedical supply chain.
During the pandemic, vulnerabilities were exposed in companies manufacturing COVID-19 vaccines, clinical trial software vendors, and laboratories.
Tedros highlighted the concerning reality that, even when ransoms are paid, access to encrypted data is not guaranteed.
UN response
In response, the WHO and other UN bodies are actively working to support nations, providing technical assistance, norms and guidelines to bolster the resilience of health infrastructure against attack.
In January, WHO published two key reports in collaboration with INTERPOL and the UN Office on Drugs and Crime (UNODC) to strengthen cybersecurity and counter disinformation.
The UN health agency is also preparing new guidance on cybersecurity and digital privacy, expected next year.
Tedros underscored the importance of a comprehensive approach, calling on countries to invest not only in advanced technologies for detecting and mitigating cyberattacks but also in training and equipping staff to respond to such incidents.
"Humans are both the weakest and strongest links in cybersecurity...it is humans who perpetrate ransomware attacks, and it is humans who can stop them."
International cooperation essential
He concluded with a call for international cooperation, urging the Security Council to use its mandate to strengthen global cybersecurity and ensure accountability.
"Just as viruses don't respect borders, nor do cyberattacks. International cooperation is therefore essential," he said.
"Just as you have used your mandate to adopt resolutions and decisions on matters of physical security, so we ask you to consider using that same mandate to strengthen global cybersecurity, and accountability," he urged Security Council members.
Real world turmoil
Eduardo Conrado, President of Ascension Healthcare, a US-based non-profit healthcare provider, shared firsthand insights into the harsh realities of ransomware attacks.
He detailed the May 2024 cyberattack on Ascension, which severely disrupted operations across its 120 hospitals.
The attack encrypted thousands of computer systems, rendering electronic health records inaccessible and affecting key diagnostic services, including magnetic resonance imaging (MRIs) and computed tomography (CT) scans.
Mr. Conrado illustrated the practical challenges that arose: "nurses were unable to look up patient records from their computer stations and were forced to comb through paper back-ups...imaging teams were unable to quickly send the latest scans up to surgeons waiting in the operating rooms, and we had to rely on runners to deliver printed copies of the scans to the hands of our surgery teams."
These disruptions not only delayed care but increased patient risk and placed an extraordinary burden on medical staff already contending with high-stress conditions, he said.
Restoring operations took 37 days, during which the backlog of paper records grew to a towering mile-high equivalent, he said, adding that financially, Ascension spent about $130 million on its response to the attack and lost approximately $0.9 billion in operating revenue as of the end of fiscal year 2024.
Council discussions
Ambassadors on the Security Council expressed growing concern over the impact of these cyberattacks on healthcare facilities and services, especially in developing countries that lack adequate capacity to respond.
Anne Neuberger, coordinator for US' national security policy on cyber and emerging technologies, emphasised the scale of ransomware threats in the health sector, citing over 1,500 incidents in her country in 2023 alone, amounting to $1.1 billion in payments.
She warned that attacks will continue, and perpetrators will thrive, "as long as ransoms are being paid and criminals can evade capture, particularly by fleeing across borders."
She said that the international community can collectively eradicate the scourge by acting together, abiding by a set of shared principles, refusing to pay criminal gangs and helping each other apprehend the cybercriminals who think they can outmanoeuvre our system.
Ambassador Jay Dharmadhikari, Alternative Representative of France, also highlighted the growth of ransomware attacks in his country as he called for adherence to international norms and urged States to prevent the use of their territories for malicious cyber activities.
"Meetings such as the one we are having today, enable the [Security] Council to keep abreast of the changing cyber threat landscape. France stands ready to continue to work in improving the understanding in this Council of the cyber challenges," he said.
She also claimed that some States, notably Russia, continue to allow ransomware actors to operate from their territory with impunity, urging nations not to follow its practice in protecting international cybercriminals and instead act responsibly in cyberspace to uphold international peace and security.
Russia's Ambassador Vassily Nebenzia said his country is also frequently subjected to cyberattacks on healthcare, emphasising its longstanding commitment to information and communication technology (ICT) security.
He questioned the rationale behind including ransomware attacks in the agenda for the current Security Council meeting, given there are other discussions ongoing on the topic of cyber security, such as the Convention against Cybercrime.
Calling for the swift entry into force of the Convention, he also urged Council members to consider adopting additional protocols including on protecting critical infrastructure, including healthcare facilities from malicious use of ICT.
He said discussions concerning Russian hackers reportedly involved in some attacks was "something that seems to have turned into an anecdote now because any sensible person could just reject this".
Ambassador and Deputy Permanent Representative Geng Shuang of China emphasised the need for comprehensive, globally cooperative strategies to address ransomware and broader cyber threats, noting the "complex and diverse" cybersecurity challenges China is facing.
He stated that cyberattacks, cybercrime and cyber-terrorism, including ransomware, are increasingly becoming global menaces and that the issue of ransomware is highly specialised and technical.
He said China was not in favour of the "hasty push" by those Security Council members who had put the issue on the agenda and hoped that all parties could engage in more specialised, practical and in-depth discussion at a more appropriate forum.
Broadcast of the Security Council meeting.