While the healthcare sector has long been at risk from cyberattacks, the harms to human security are heightened during crises like the COVID-19 pandemic, when people across the world are particularly reliant on health services. Cyber operations that disrupt healthcare services are a direct threat to human security, which is vital to cyberpeace.
Healthcare providers and people in need of medical care are the victims of cyberattacks. At the peak of the pandemic, we documented one attack against healthcare providers per day: the death of a patient after a ransomware attack in Duesseldorf; the crippling of 400 hospitals run by Universal Health Services in the United States, and the leak of patient records in Finland to name a few.
Many states, private sector and civil society organizations have reaffirmed their view that international law applies in cyberspace. Existing laws offer strong protection for the health sector against cyber operations, but the effectiveness of this protection may be limited by a number of grey areas, such as differing definitions of key terms and concepts or contrasting application in different contexts.