Breaking News

When Cyberattacks Threaten Lives: A Crisis Discussed at the UN Security Council

Written by Maria-Diandra Opre | Nov 18, 2024 7:29:34 PM

During a United Nations Security Council meeting the week of November 4, Eduardo Conrado, president of Ascension, shared the chilling details of a cyberattack that crippled their operations. In May, Ascension Healthcare became a target. Thousands of systems across its 120 hospitals were encrypted, grinding operations to a halt. Patients requiring diagnostic imaging, such as MRIs and CT scans, faced delays as these critical services were disrupted.

Doctors and nurses were forced to work without vital tools, delaying diagnoses and treatments. The cascading effects of such an attack are profound, from delayed surgeries to the inability to coordinate care for vulnerable patients. For those waiting for life-saving interventions, every second mattered, and ransomware robbed them of that time.

When hospitals, laboratories, and emergency services are locked out of their systems by ransomware, the consequences are far more than technical. Lives are put on hold—or worse, put in danger.  Doctors can’t access medical records. Diagnostic tools sit idle. Patients in critical need face delays that could mean the difference between survival and tragedy. Every 11 seconds, a ransomware attack occurs. By 2031, this will happen every 2 seconds, as predicted by Cybersecurity Ventures.

Patient data is among the most valuable on the black market, containing personal identifiers, medical histories, and financial information. The critical nature of healthcare services makes hospitals more likely to pay ransoms quickly to restore operations, knowing that any delay can lead to patient harm. Additionally, many healthcare organizations operate on limited budgets, often prioritizing patient care over robust cybersecurity measures. This creates gaps that attackers exploit, turning hospitals, laboratories, and emergency services into high-value targets.

Explaining the ramifications of such incidents, WHO Director-General declared that “At best, these attacks cause disruption and financial loss. At worst, they undermine trust in the health systems on which people depend, and even cause patient harm and death.

As a whole, the digital transformation of health systems, the high value of health data, increasing demands on health systems and resource constraints all contribute to making health facilities attractive targets for ransomware attacks. These attacks target the digital infrastructure of health facilities, disrupt or shut them down, and in order for access to be returned, the perpetrators demand a fee – or ransom – be paid.”

The ripple effects of such attacks extend far beyond the immediate victims. Patients face longer wait times for appointments and procedures, as healthcare systems struggle to catch up after the disruption. The public’s trust in these institutions erodes, particularly when sensitive personal data is leaked as part of these attacks. Financially, hospitals often bear the burden of ransom payments, system restorations, and lost revenue from disrupted operations. For already strained healthcare systems, these costs can lead to cuts in services, staffing shortages, and further vulnerabilities.

Governments and international bodies also have a role to play in fostering collaboration, establishing stricter regulations, and holding perpetrators accountable. Without these measures, the consequences of ransomware will continue to escalate, compromising patient safety, public trust, and the overall resilience of healthcare systems worldwide.