HAMILTON, Canada
The director-general of the World Health Organization (WHO) on Friday said that cyberattacks targeting hospitals are not merely security breaches, but “issues of life and death.”
“Let’s be clear at the outset that ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality, they can be issues of life and death,” Tedros Adhanom Ghebreyesus told a UN Security Council session on “threats posed by ransomware attacks against hospitals and other healthcare facilities and services.”
Noting the escalating danger posed by ransomware attacks, he stressed that cybercriminals shut down digital health infrastructure and demand a ransom to restore access.
Tedros warned that hackers are exploiting the “threat to patient safety, confidentiality, and service disruption” to increase their ransom demands.
“Surveys have shown that attacks on the healthcare sector have increased in both scale and frequency,” he said, adding that this is due to “success the hackers got in attacking hospitals or health facilities.”
Highlighting a global survey from 2021 stating that over a third of global healthcare organizations reported an attack in 2021, Tedros said many facilities opted to pay ransoms to regain access, and yet “31% of respondents did not regain access to their encrypted data.”
The WHO, in cooperation with other UN agencies, is working to support healthcare systems with technical assistance, standards, and strategies to build resilience against such cyber threats, he said.
Urging governments to take a more comprehensive approach, recognizing that “cybersecurity is a whole of government responsibility,” Tedros said that health sector authorities and funders remain accountable for securing digital health infrastructures.
He recalled that technology plays a key role in cybersecurity, and stressed that “our mindset must change radically to acknowledge that we cannot rely on IT systems alone.”
Investing in people and fostering international cooperation is critical, he explained, as “humans are both the weakest and strongest links in cyber security.”
He called on the Security Council to consider cybercrime as a serious international threat, adding, “Just as viruses don’t respect borders, nor do cyberattacks.”