Threats Posed by Ransomware Attacks Against Hospitals and Health Facilities - WHO Director Briefing

WHO Director-General Dr Tedros Adhanom Ghebreyesus warned that ransomware and cyberattacks on hospitals go beyond “issues of security and confidentiality” and “can be issues of life and death.” Briefing the Security Council in New York City today (8 Nov) on the rising threat of ransomware attacks on healthcare facilities worldwide, Dr Tedros also highlighted data from a 2021 global survey, revealing that over a third of healthcare respondents had faced ransomware attacks, and among them, nearly a third could not recover their data even after paying a ransom. Eduardo Conrad, President of Ascension, a major U.S. healthcare provider, shared an account of the May 2024 ransomware attack on their systems, which forced staff to revert to manual methods like paper records, fax machines, and hand deliveries. He said, “Due to a malicious attack, our care teams and our patients went from utilizing all of the incredible technology they use every day to working off paper.” Ascension reported losses of nearly 900 million dollars and over 130 million dollars spent on response efforts as a result of the attack. Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology at the White House, underscored the scale of the crisis, reporting over 1,500 ransomware incidents in the United States in 2023, with ransom payments exceeding 1.1 billion dollars. Neuberger noted that health experts link these attacks to increased patient mortality in disrupted hospitals, raising further concerns about the human toll. Amid calls for international action, Russian Representative Vasily Nebenzya questioned the necessity of the Security Council’s involvement, while Stavros Lambrinidis, EU Head of Delegation to the UN, urged states to prevent cyber operations within their territories that threaten critical services. Ahead of the Security Council session, a coalition of member states addressed the press, highlighting that the General Assembly has consistently endorsed the UN framework on responsible state behavior in cyberspace. This framework asserts the applicability of international law in cyberspace, expecting states to adhere to voluntary norms of conduct during peacetime.


For more information or to watch video on YouTube, click here!