An alarming surge in ransomware attacks is putting the world’s healthcare infrastructure at critical risk, endangering patient safety and destabilising health systems, the head of the UN World Health Organisation (WHO) warned, as the Security Council convened to discuss strategies to counter the growing threat.
What is ransomware?
• Ransomware is a category of malware that gains access to systems and makes them unusable to their legitimate users, either by encrypting files on targeted systems or by locking the system’s screen until a ransom is paid. Ransomware actors also threaten to sell or leak any exfiltrated data if the ransom is not paid.
• Ransomware attacks are a form of cyberattack in which a malicious actor “takes over” or “locks” files on a single computer or an entire network.
• The attacks have grown in scale and sophistication over the years, with the price tag now in the tens of billions each year.
• According to a 2021 global survey, more than one-third of health institutions reported at least one ransomware attack in the preceding year, and a third among them reported paying a ransom.
Although there are countless strains of ransomware, they fall into two main categories:
i) Crypto Ransomware encrypts files on a computer so that they become unusable.
ii) Locker Ransomware blocks standard computer functions from being accessed.
How does ransomware work?
1) Access: Attackers gain access to your network. They establish control and plant malicious encryption software. They may also take copies of your data and threaten to leak it.
2) Activation: The malware is activated, locking devices and causing the data across the network to be encrypted, meaning you can no longer access it.
3) Ransom demand: Usually you will then receive an on-screen notification from the cyber criminal, explaining the ransom and how to make the payment to unlock your computer or regain access to your data.
• Payment is usually demanded via an anonymous web page and usually in a cryptocurrency.
Issue of life and death
• WHO Director-General Tedros Ghebreyesus emphasised the severe impact of cyberattacks on hospitals and healthcare services, calling for urgent and collective global action to address this growing crisis.
• Ransomware and other cyberattacks on hospitals and other health facilities are not just issues of security and confidentiality, they can be issues of life and death, he said.
• The digital transformation of healthcare, combined with the high value of health data, has made the sector a prime target for cybercriminals.
• Tedros cited examples of the 2020 ransomware attack on Brno University Hospital in Czechia and a May 2021 breach of the Irish Health Service Executive (HSE).
• Cyberattacks also extended beyond hospitals to disrupt the broader biomedical supply chain.
• During the pandemic, vulnerabilities were exposed in companies manufacturing COVID-19 vaccines, clinical trial software vendors, and laboratories.
• The WHO chief highlighted the concerning reality that, even when ransoms are paid, access to encrypted data is not guaranteed.
• Eduardo Conrado, President of Ascension Healthcare, a US-based non-profit healthcare provider, shared firsthand insights into the harsh realities of ransomware attacks.
• He detailed the May 2024 cyberattack on Ascension, which severely disrupted operations across its 120 hospitals.
• The attack encrypted thousands of computer systems, rendering electronic health records inaccessible and affecting key diagnostic services, including magnetic resonance imaging (MRIs) and computed tomography (CT) scans.
• Nurses were unable to look up patient records from their computer stations and were forced to comb through paper back-ups. Imaging teams were unable to quickly send the latest scans up to surgeons waiting in the operating rooms.
• These disruptions not only delayed care but increased patient risk and placed an extraordinary burden on medical staff already contending with high-stress conditions.
• Restoring operations took 37 days, during which the backlog of paper records grew to a towering mile-high equivalent. Ascension spent about $130 million on its response to the attack and lost approximately $900 million in operating revenue as of the end of fiscal year 2024.