Menu
Menu
While the healthcare sector has long been at risk from cyberattacks, the harms to human security are heightened during crises like the COVID-19 pandemic, when people across the world are particularly reliant on health services. Cyber operations that disrupt healthcare services are a direct threat to human security, which is vital to cyberpeace.
Healthcare providers and people in need of medical care are the victims of cyberattacks. At the peak of the pandemic, we documented one attack against healthcare providers per day: the death of a patient after a ransomware attack in Duesseldorf; the crippling of 400 hospitals run by Universal Health Services in the United States, and the leak of patient records in Finland to name a few.
Many states, private sector and civil society organizations have reaffirmed their view that international law applies in cyberspace. Existing laws offer strong protection for the health sector against cyber operations, but the effectiveness of this protection may be limited by a number of grey areas, such as differing definitions of key terms and concepts or contrasting application in different contexts.
The healthcare sector is a popular target for cyber criminals and the threat is growing. A cyberattack on healthcare is an attack on vulnerable people and the people who are involved in their care. People need access to reliable, safe healthcare and they should be able to access it without worrying about their privacy, safety and security or indeed whether they can receive healthcare at all.
Victim’s Story: How Hancock Regional Hospital Responded to a Ransomware Attack
It all happened in less than 48 hours: a ransomware attack, vital hospital computer systems shut down, a bitcoin payment secured on the dark web, and decryption codes used to make systems operational again.
A cyberattack no one saw coming in January 2018 taught Hancock Regional Hospital officials a valuable lesson – investing in cybersecurity is crucial.
Steve Long, CEO and President of the Hancock Regional Hospital talked to Adrien Ogee, COO of the CyberPeace Institute about how the attack unfolded in the hospital and why they decided to pay a ransom.
Cyberattacks on healthcare are attacks on people. Knowing and understanding what is happening is the first step to taking action for global change. The Cyber Incident Tracer (CIT) #HEALTH is a unique platform that bridges the information gap between cyberattacks on healthcare and their impact on people.
At the CyberPeace Institute, it is our conviction that a more thorough understanding of individual cyberattacks and their collective impact on people is essential to effect positive change. We probe how cyberattacks work, and the harm they cause to people. We work to de-escalate the number and magnitude of cyberattacks, enforce the responsibility and accountability of all actors and ensure that victims have a voice and the right to redress.
Our Call to Action invited governments to stop cyber operations against medical facilities and protect healthcare.
We partner with qualified companies to provide free and trusted cybersecurity assistance to healthcare professionals fighting COVID-19.
Healthcare needs a voice. We are calling on anyone who has experienced consequences of such attacks to share their stories.
Keep up to date with the latest at the CyberPeace Institute
The CyberPeace Institute’s staff and experts generate their own work and ideas consistent with the Institute’s mission. The Institute maintains strict intellectual independence for all its projects, events, and publications. The Institute maintains independent control of the content and conclusions of any products resulting from sponsored projects.