Ransomware Attacks On Hospitals: A Life-or-Death Crisis, Warns WHO

In a Security Council meeting on Friday, the World Health Organization (WHO) sounded the alarm on rising cyberattacks targeting healthcare systems, highlighting ransomware as a grave threat to patient safety and hospital functionality worldwide, as reported in a press release by the UN.

WHO Director-General Tedros Adhanom Ghebreyesus stressed that such attacks pose “issues of life and death,” urging global action to protect critical healthcare infrastructure.

Let’s be clear #ransomware and other #cyberattacks on hospitals and health facilities are not just issues of security and confidentiality – “they can be issues of life and death”
– @WHO Director-General Tedros Adhanom Ghebreyesus, @DrTedros, briefing the #SecurityCouncil pic.twitter.com/4FoOmXFoHH

— UN News (@UN_News_Centre) November 8, 2024

The UN notes that a 2021 survey revealed that over one-third of healthcare institutions experienced at least one ransomware incident, with a substantial portion paying ransoms to regain access to critical data.

Ransomware attacks lock networks or devices, forcing institutions to pay for re-access. The rising prevalence of such attacks—estimated to cost billions annually—underscores the urgent need for strengthened cybersecurity measures in healthcare, as noted by the UN press release.

The UN reports that Tedros highlighted the 2020 attack on Brno University Hospital in Czechia and the 2021 Irish Health Service breach as examples of how these incidents can cripple health services.

Beyond hospitals, cybercriminals have also disrupted broader biomedical supply chains, including COVID-19 vaccine manufacturers and clinical trial systems, exposing weaknesses in global healthcare infrastructure, as noted on the UN press report.

In response, the WHO states that is working with global partners to enhance healthcare cybersecurity. Recent WHO collaborations with INTERPOL and the UN Office on Drugs and Crime led to reports addressing cybersecurity gaps and disinformation. Next year, WHO plans to release new guidelines to help nations build resilient healthcare systems.

Eduardo Conrado, President of Ascension Healthcare, shared firsthand experience from a 2024 ransomware attack on Ascension’s hospitals, where critical services like MRI scans were disrupted, creating high-risk conditions for patients, as reported by the UN.

The recovery took over a month, cost millions, and underscored the toll such attacks take on strained healthcare resources.

The Security Council members voiced concern, especially for nations with limited cybersecurity capacities. Many called for international cooperation to combat the threat, emphasizing that cyberattacks know no borders, as reported by the UN.

Tedros urged global accountability, stressing that just as viruses cross borders, so do cyber threats, making coordinated global action indispensable to healthcare security, stated the UN press release.