According to a 2021 global survey, more than a third of responding healthcare organizations reported at least one ransomware attack in the previous year, and a third of them reported paying a ransom.
Ransomware attacks are a form of cyberattack, in which a malicious actor “takes control” or “locks” files on a single computer or across an entire network, demanding payment in exchange for access.
Attacks have grown in scale and sophistication over the years, and the cost now runs into the tens of billions each year.
Friday’s Security Council meeting was convened by France, Japan, Malta, the Republic of Korea, Slovenia, the United Kingdom (president for November) and the United States.
Question of life and death
The ambassadors, WHO Director-General Tedros Adhanom Ghebreyesus, highlighted the serious impact of cyberattacks on hospitals and health services, calling for urgent and collective global action to address this growing crisis.
“Ransomware and other cyberattacks against hospitals and other healthcare facilities are not just matters of security and privacy, they can be matters of life and death“, he said.
“At best, these attacks cause disruption and financial loss. At worst, they undermine confidence in the health systems on which populations dependand even cause harm to patients or even their death.
The digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals, Tedros continued, citing examples from the 2020 ransomware attack on University Hospital of Brno in Czechia and a breach in May 2021 from Irish Health. Service Manager (HSE).
Cyberattacks have also expanded beyond hospitals to disrupt the broader biomedical supply chain.
During the pandemic, vulnerabilities have been revealed within COVID-19 vaccine manufacturing companies, clinical trial software providers, and laboratories.
Tedros highlighted the worrying reality that even when ransoms are paid, access to encrypted data is not guaranteed.
WHO Director-General Tedros Adhanom Ghebreyesus briefs Security Council meeting on threats posed by ransomware to hospitals and health services.
UN response
In response, WHO and other UN agencies are actively working to support countries, providing technical assistance, standards and guidelines to strengthen the resilience of health infrastructure against attacks.
In January, WHO released two key reports in collaboration with INTERPOL and the United Nations Office on Drugs and Crime (UNODC) to strengthen cybersecurity and combat disinformation.
The UN health agency is also preparing new guidance on cybersecurity and digital privacy, expected next year.
Tedros stressed the importance of a comprehensive approach, calling on countries to invest not only in advanced technologies to detect and mitigate cyberattacks, but also in training and equipping personnel to respond to such incidents.
“Humans are both the weakest and strongest link in cybersecurity…it’s humans who carry out ransomware attacks, and it’s humans who can stop them.
Indispensable international cooperation
He concluded with a call for international cooperation, urging the Security Council to use its mandate to strengthen global cybersecurity and ensure accountability.
“Just as viruses do not respect borders, neither do cyberattacks. International cooperation is therefore essential,» he said.
“Just as you have used your mandate to adopt resolutions and decisions on physical security issues, we ask you to consider using that same mandate to strengthen global cybersecurity and accountability,” he urged. members of the Security Council.
Eduardo Conrad, President of Ascension, briefs the Security Council on the impacts of ransomware attacks on hospitals managed by the organization.
Real world upheaval
Eduardo Conrado, President of Ascension Healthcare, a US-based non-profit healthcare provider, shared his views on the harsh realities of ransomware attacks.
He detailed the May 2024 cyberattack on Ascension, which severely disrupted operations at its 120 hospitals.
The attack encrypted thousands of computer systems, rendering electronic health records inaccessible and affecting key diagnostic services including magnetic resonance imaging (MRI) and computed tomography (CT) scanning.
Mr. Conrado illustrated the practical challenges that arose: “nurses were unable to view patient records from their computer stations and were forced to wade through paper backups…imaging teams were unable to quickly send the latest scans to surgeons waiting in operating rooms, and we had to rely on runners to get printed copies of scans into the hands of our surgical teams.”
These disruptions not only delayed care, but also increased risks for patients and placed an extraordinary burden on medical staff already facing high-stress conditions, he said.
The restoration operations lasted 37 days, during which the backlog of paper documents reached an amount equivalent to a kilometer high, he said, adding that financially, Ascension spent about $130 million on its response to the attack and has lost approximately $0.9 billion in operating revenue to date. the end of the 2024 financial year.
An overview of the Security Council meeting on ransomware attacks against hospitals and healthcare facilities.
Council Discussions
Ambassadors to the Security Council have expressed growing concern about the impact of these cyberattacks on health facilities and services, particularly in developing countries that lack adequate capacity to respond.
Anne Neuberger, coordinator of US national security policy on cybersecurity and emerging technologieshighlighted the scale of ransomware threats in the healthcare sector, citing more than 1,500 incidents in its country in 2023 alone, equating to $1.1 billion in payments.
She warned that attacks would continue and perpetrators would prosper, “as long as ransoms are paid and criminals are able to evade capture, including by fleeing across borders.”
She said the international community can collectively eradicate this scourge by acting together, adhering to a common set of principles, refusing to pay off criminal gangs and helping each other apprehend cybercriminals who think they can outsmart our system.
She also said some states, including Russia, continue to allow ransomware perpetrators to operate from their territories with impunity, urging nations not to follow its practices of protecting international cybercriminals and instead act responsibly in cyberspace to maintain international peace and security.
Ambassador Jay Dharmadhikari, Alternative Representative of Francealso highlighted the growth of ransomware attacks in his country by calling for compliance with international standards and urging states to prevent the use of their territories for malicious cyber activities.
“Meetings like the one we are organizing today allow [Security] Tip for staying abreast of the evolving cyber threat landscape.
“France is ready to continue working to improve understanding within this Council of cyber issues,” he added.
Russian Ambassador Vassily Nebenzia said his country is also frequently subject to cyberattacks on healthcare, underscoring its long-standing commitment to information and communications technology (ICT) security.
He questioned the rationale for including ransomware attacks on the agenda of the current Security Council meeting, given that other discussions are underway on the topic of cybersecurity, such as the Convention against cybercrime.
Calling for the rapid entry into force of the Convention, he also urged Council members to consider adopting additional protocols, particularly on the protection of critical infrastructure, including health facilities, against the malicious use of ICT .
He said talk of Russian hackers being involved in some attacks was “something that seems to have become an anecdote now, because any sane person could just dismiss that.”
Geng Shuang, Ambassador and Deputy Permanent Representative of China stressed the need for comprehensive, globally cooperative strategies to combat ransomware and broader cyber threats, highlighting the “complex and diverse” cybersecurity challenges facing China.
He said that cyberattacks, cybercrime and cyberterrorism, including ransomware, are increasingly becoming global threats and that the issue of ransomware is highly specialized and technical.
He said China did not support “rushed pushes” by Security Council members who had put the issue on the agenda and hoped all sides could engage in more specialized, practical discussions. and deepened in a more appropriate forum.
