Ransomware attacks on hospitals and healthcare systems can be “issues of life and death” and pose a serious threat to international security, the head of the UN health agency told the Security Council today, as several delegates echoed his calls for international cooperation to address one of today’s most damaging cyberthreats, while others questioned whether the 15‑nation organ was the appropriate forum for the meeting.

Tedros Adhanom Ghebreyesus, Director-General of the World Health Organization (WHO), said that ransomware attacks by cybercrime groups target the digital infrastructure of health facilities, disrupt or shut them down, and for access to be returned, the perpetrators demand a fee — or ransom — to be paid.  These groups operate on the logic that the greater the threat to patient safety, confidentiality and service disruptions they can create, the greater the ransom they can demand.

“Let’s be clear… ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality; they can be issues of life and death,” he stressed, pointing out that health facilities, so as to not put patients at further risk, are often willing to pay a substantial ransom, even if there is no guarantee data will be decrypted, and attackers will not try again.