The healthcare sector is facing systemic, repeated cyberattacks that do not just endanger systems but are a direct threat to life.”
Stéphane Duguin, CEO, CyberPeace Institute

The COVID19 pandemic has created a new reality for the healthcare sector, globally testing its limits. In addition to the overwhelming challenge to manage the medical emergency, the sector has become a direct target for cyberattacks.Taking advantage of the pandemic, malicious actors have launched a series of phishing campaigns and ransomware attacks on healthcare organizations. Hospitals are lucrative targets due to the sensitive patient information they store and the urgency to continue providing critical medical care. They simply cannot afford to cease operations in order to counter cyber attacks, and they are more likely to pay a ransom to protect their patients.

The Threat

While the healthcare sector has long been at risk from cyberattacks, the harms to human security are heightened during crises like the COVID-19 pandemic, when people across the world are particularly reliant on health services. Cyber operations that disrupt healthcare services are a direct threat to human security, which is vital to cyberpeace. 

The Victims

Healthcare providers and people in need of medical care are the victims of cyberattacks. At the peak of the pandemic, we documented  one attack against healthcare providers per day: the death of a patient after a ransomware attack in Duesseldorf the crippling of 400 hospitals run by Universal Health Services in the United States, and the leak of patient records in Finland to name a few.

The Law

Many states, private sector and civil society organizations have reaffirmed their view that international law applies in cyberspace. Existing laws offer strong protection for the health sector against cyber operations, but the effectiveness of this protection may be limited by a number of grey areas, such as differing definitions of key terms and concepts or contrasting application in different contexts.

The Impact of Cyberattacks

The healthcare sector is a popular target for cyber criminals and the threat is growing.  A cyberattack on healthcare is an attack on vulnerable people and the people who are involved in their care.  People need access to reliable, safe healthcare and they should be able to access it without worrying about their privacy, safety and security or indeed whether they can receive healthcare at all. 

Victim’s Story: How Hancock Regional Hospital Responded to a Ransomware Attack

It all happened in less than 48 hours: a ransomware attack, vital hospital computer systems shut down, a bitcoin payment secured on the dark web, and decryption codes used to make systems operational again.

A cyberattack no one saw coming in January 2018 taught Hancock Regional Hospital officials a valuable lesson – investing in cybersecurity is crucial.

Steve Long, CEO and President of the Hancock Regional Hospital talked to Adrien Ogee, COO of the CyberPeace Institute about how the attack unfolded in the hospital and why they decided to pay a ransom. 

The Cyber Incident Tracer (CIT) #HEALTH

Cyberattacks on healthcare are attacks on people. Knowing and understanding what is happening is the first step to taking action for global change. The Cyber Incident Tracer (CIT) #HEALTH is a unique platform that bridges the information gap between cyberattacks on healthcare and their impact on people.

Our Actions

At the CyberPeace Institute, it is our conviction that a more thorough understanding of individual cyberattacks and their collective impact on people is essential to effect positive change.  We probe how cyberattacks work, and the harm they cause to people. We work to de-escalate the number and magnitude of cyberattacks, enforce the responsibility and accountability of all actors and ensure that victims have a voice and the right to redress. 

Call to

Our Call to Action invited governments to stop cyber operations against medical facilities and protect healthcare.

Cyber 4

We partner with qualified companies to provide free and trusted cybersecurity assistance to healthcare professionals fighting COVID-19. 

Call for

Healthcare needs a voice. We are calling on anyone who has experienced consequences of such attacks to share their stories.


Have you been a victim of a cyberattack?
Do you need help?