UN and WHO Warn of Ransomware Healthcare Crisis Becoming a Global Threat

WHO Briefs Security Council on Cyber-Attacks on Healthcare Facilities

On the 8th of November, the Director-General of the World Health Organization (WHO), Dr. Tedros Adhanom Ghebreyesus, briefed the Security Council in New York City on the alarming rise of cyber-attacks on healthcare facilities. In his speech, Dr. Tedros affirms that ransomware and other cyber-attacks on hospitals and other health facilities are not just issues of security and confidentiality, but can be classified as issues of life and death. He then amplified this point by stating that at best, these attacks cause disruption and financial loss, but at worst, they undermine trust in the health system on which people depend – even causing patient harm and death.

Ransomware attacks are no new feat for the healthcare industry and threat actors have consistently targeted them due to their vulnerabilities. According to Dr. Tedros, these facilities make attractive targets for ransomware attacks due to digital transformation, the high value of health data, the increasing demands on health systems, and resource constraints. Hackers will demand a ransom, encrypting patient data or rendering computer systems inoperable – forcing the healthcare facility to pay the ransom or continue to disrupt critical services.

To restore the system and retrieve data quickly, health facilities are often willing to pay a substantial ransom – even without the guarantee that the data will be decrypted and the attackers won’t try again. Dr. Tedros went on to highlight data from a 2021 global survey that revealed that over a third of healthcare respondents had faced ransomware attacks, and among them, nearly a third could not recover their data even after paying a ransom.

The Logic and Impact of Ransomware Attacks

The WHO Director-General went on to state that these ransomware groups operate on the logic that the greater the threat to patient safety, confidentiality, and service disruptions they can create, the greater the ransom they can demand. To further elaborate on the disruptions caused by healthcare ransomware, Dr, Tedros recalled the March 2020 ransomware attack against Brno University Hospital in the Czech Republic which forced the hospital to shut down its network. He also cited the May 2021 Conti Ransomware attack against the Irish Health Service Executive which paused radiotherapy services in five major centers.

To conclude, Dr. Tedros mentions that experts convened by WHO in 2023 had identified several key challenges to ensuring robust healthcare cybersecurity. These included, among others:

• A failure to communicate the threat of ransomware and the value of investing in cybersecurity clearly to decision-makers.
• The lack of a clear governance framework for cybersecurity.
• Complex infrastructure that is challenging to make more secure.
• A significant gap between the global demand and supply of cybersecurity skills and experts.

International Response and Call to Action

Anne Neuberger, the Deputy National Security Advisor for Cyber and Emerging Technology at the White House, also joined in to underscore the scale of the crisis - reporting over 1,500 US ransomware incidents in 2023 with ransom payments exceeding US$ 1.1 billion. She also noted that health experts have linked these cyber-attacks on healthcare to increased patient mortality in disrupted hospitals which further raises concerns about the human toll.

Neuberger called on the international community to collectively eradicate the scourge by acting together, abiding by a set of shared principles, refusing to pay criminal gangs, and helping each other apprehend the cybercriminals who think they can outmaneuver the system.

In her statement, she also condemns nations who “knowingly” allow ransomware gangs to operate - directly calling out Moscow by saying that “some states – most notably Russia – continue to allow ransomware actors to operate from their territory with impunity.” Russia defended itself by claiming the Security Council was not the appropriate forum to address cybercrime. The Russian ambassador Vassili Nebenzia further stated that if its “Western colleagues wish to discuss the security of healthcare facilities, they should agree in the Security Council upon specific steps to stop the horrific attacks by Israel on hospitals in the Gaza Strip.”

Other speakers also took to the floor to detail their countries’ experiences with cyber-attacks on healthcare - offering ways to better mitigate and respond to them. In response to the brief, the WHO and other UN bodies are actively working to support nations, providing technical assistance, norms, and guidelines to bolster the resilience of health infrastructure against cyber-attacks. Now that we know what the WHO healthcare ransomware position is on the matter, let’s look into healthcare ransomware attacks that have happened recently for a better understanding of their disruptive nature.

Recent Ransomware Healthcare Attacks in 2024

Cyber-attacks on healthcare facilities have been a growing concern for several years now. With such a lucrative and critical target, it’s easy to see why hackers focus their attention on the sector. Let’s go over some of the main healthcare ransomware attacks we’ve seen so far this year.

Ascension Healthcare Ransomware Attack

During the UN healthcare ransomware briefing, Eduardo Conrado, the President of Ascension Healthcare, also shared firsthand insights into the harsh realities of ransomware attacks. The US-based, non-profit healthcare organization was hit by a cyber-attack in May of 2024 which severely disrupted operations across its 120 hospitals. The attack encrypted thousands of computer systems - rendering electronic health records inaccessible and affecting key diagnostic services, including MRIs and CT scans.

Nurses were unable to look up patient records from their computer stations and were forced to comb through paper backups while doctors had to rely on runners to deliver printed copies of the scans to the hands of our surgery teams. Several Ascension hospitals were also forced to divert emergency medical services to ensure emergency cases were triaged immediately. Restoring operations took 37 days and Ascension spent about US$ 130 million on its response to the attack – losing approximately US$ 0.9 billion in operating revenue as of the end of fiscal year 2024.

Cencora Ransomware Attack

Pharmaceutical company Cencora confirmed that sensitive personal and health data was exfiltrated in a cyber-attack in February 2024. According to Bloomberg, the hackers behind a cyber-attack received a total of US$ 75 million through Bitcoin in March -one of the largest known cyber extortion payments ever made.

Lurie Children's Hospital Ransomware Attack

In January, the Lurie Children's Hospital in Chicago had to take its IT systems offline and was forced to delay care for many of its patients. Ransomware-as-a-Service group, Rhysida, set a ransom at US$ 3.7 million for 600GB of stolen data. After Lurie refused to meet the price, the data was leaked online. The organization noted that the breach caused by a ransomware attack impacted around 791,000 people.

MediSecure Ransomware Attack

MediSecure, an Australian healthcare technology company that specializes in electronic prescriptions, was forced to shut down its website and phone lines to contain a cyber-attack they uncovered in April. It was later revealed that roughly 12.9 million people who had used the service during the approximate period of March 2019 to November 2023 had their personal and health information stolen in the incident.

Change Healthcare Ransomware Attack

Change Healthcare processes 15 billion healthcare transactions and touches one in three patient records every year. In early April, Change Healthcare became the victim of a ransomware attack that caused the organization to shut down for several weeks. The company is reported to have paid the US$ 22 million in ransom demanded by the BlackCat ransomware group.

NHS England Ransomware Attack

In June of this year, NHS England also confirmed that the patient data managed by pathology testing organization, Synnovis, was stolen in a ransomware attack. More than 3000 hospital and GP appointments were affected by the attack orchestrated by Russian hacking group, Qilin. The group went on to share almost 400GB of confidential data on their darknet site after threatening Synnovis in the ransomware attack.

OneBlood Ransomware Attack

In July, the non-profit blood donation service OneBlood became the victim of a ransomware attack that affected critical software systems used for daily operations. The cyber-attack directly affected the company’s ability to ship blood products to hospitals in Florida and OneBlood had to resort to manually labeling blood products. The organization also asked more than 250 hospitals under their service to activate their critical blood shortage protocols and remain in that status for as long as needed.

As we look at all the examples of cyber-attacks on healthcare organizations, it’s difficult to not feel overwhelmed by the depravity of cybercriminals. However, there is always a solution as long as there is hope. This is why we’ve also explored how healthcare ransomware can be prevented overall.

How to Prevent Healthcare Ransomware Attacks

While digital transformation can make healthcare facilities more efficient, it can also present several gaps without the correct cybersecurity practices and platforms in place. Implementing cybersecurity in healthcare can be simple when we understand the weak spots in our security posture, the collaborative nature of implementation, and the need for human intervention along with cybersecurity software.

In his UN healthcare address, Dr. Tedros stressed that “cybersecurity is a whole-of-government responsibility” and stated Member States should invest in technology for early identification of attacks and include the cost of basic cybersecurity controls in the budgets for digital health projects. He emphasized the need for international cooperation, citing the Global Initiative on Digital Health and the Global Initiative on Artificial Intelligence (AI) for Health as two promising new global platforms for international dialogue hosted by WHO.

Dr. Tedros also focused on the human element for healthcare security - stating that humans are both the weakest and strongest links in cybersecurity. He further commented that while technologies to identify, protect, detect, respond, and recover are crucial, they are not sufficient - especially with the increasing use of Artificial Intelligence. He acknowledged that a change in mindset is needed to acknowledge that we cannot rely on IT systems alone to protect us from cyber-attacks. In his own words, “Enhancing cyber-maturity also means investing in people. It is humans who perpetrate ransomware attacks, and it is humans who can stop them.”

Some of the key tips to prevent healthcare ransomware include:

• Train staff to identify and respond to cyber-attacks efficiently and effectively.
• Rehearsing incident response plans.
• Conducting regular audits and penetration tests of security systems.
• Investing in managed security services to perform full security assessments.
• Implementing strong threat detection and response platforms.
• Engaging with proactive cybersecurity services.
• Creating a secure data backup for confidential files.
• Restricting access control for unauthorized personnel.

While these are only some of the many ways healthcare facilities can maintain their security posture, it’s also critical to partner with a cybersecurity firm that understands your specific concerns and IT needs. This is why Sangfor Technologies is the ideal choice for healthcare organizations in need of robust infrastructure and security.

Sangfor Products, Services, and Solutions That Prevent Healthcare Cyber-Attacks

Sangfor Technologies is a leading, dedicated, and innovative cybersecurity and cloud computing company that offers intensive and advanced ransomware protection. With a commitment to infrastructure that’s efficient, simplified, and secure, Sangfor can offer the healthcare industry comprehensive, reliable, and proactive cybersecurity that goes the extra mile. While ransomware is quickly evolving and becoming more of a problem, Sangfor has the perfect integrated and enhanced toolkit to keep your organization safe. This includes:

• Sangfor’s Network Secure Next-Generation Firewall (NGFW), the world’s first firewall platform to combine AI Technology, Cloud Threat Intelligence, NG-WAF, IoT Security, and SoC Lite, seamlessly eliminates over 99% of external threats at the network perimeter.
• Sangfor’s Endpoint Secure is a modern Endpoint Protection Platform (EPP) that combines antivirus, Endpoint Detection and Response (EDR), and endpoint management capabilities into a single solution – for integrated protection in vulnerable spots.
• Additionally, Sangfor’s impressive Anti-ransomware solution is the only security solution that addresses the entire life cycle of ransomware attacks while using AI and the synergy between Network Secure and Endpoint Secure to detect and block ransomware attacks in just 3 seconds.
• Lastly, Sangfor’s Internet Access Gateway provides full control over user access and can identify and analyze internet access behavior in real-time to provide comprehensive protection and monitoring – allowing you to gain full visibility and observe user behavior. The platform provides unified and network-wide management of all clients and uses Proxy Avoidance Protection and Intelligent Traffic Management to monitor any suspicious activity.

You don’t need to just take our word for it. Simply ask any one of our satisfied Sangfor customers.

Medilife Health Group

Medilife, a prominent private health institution in Istanbul, Türkiye, has been providing affordable, high-quality healthcare since 2001, and aims to modernize its IT and security infrastructure to continue delivering reliable services through its two hospitals and two clinics.

Sangfor’s Solution: Medilife DEPLOYED Sangfor Network Secure to secure their network gateways and DMZ servers, complemented by Endpoint Secure agents and Cyber Guardian IR services for comprehensive protection.

Ramsay Sime Darby Health Care Indonesia

Ramsay Sime Darby Health Care Indonesia is a private healthcare provider that found itself in need of an integrated solution to run its three hospitals more effectively. This would allow the organization to monitor internet usage and migrate seamlessly. Ramsay Sime Darby also needed a reliable IT infrastructure with high availability that could mitigate the risk of downtime.

Sangfor’s Solution: Sangfor proposed the use of its Internet Access Gateway (IAG) platform to secure and monitor Internet usage – ultimately improving the company’s bandwidth visibility and prioritizing critical applications within the network.

Wanon Niwat Hospital

Wanon Niwat Hospital in Sakon Nakhon Province, Thailand, is a community hospital dedicated to becoming a smart hospital by integrating modern technology to enhance efficiency, streamline operations, and improve patient services.

Sangfor Solution: Deploying Endpoint Secure on Sangfor HCI provides the hospital with robust data protection against threats like ransomware, utilizing built-in security features such as a distributed firewall to isolate VMs and ensure data integrity and protection.

Conclusion

Sangfor has a long history of providing consistent, reliable, and robust cybersecurity and cloud infrastructure solutions that can fortify critical services in the healthcare industry. The UN ransomware healthcare briefing at the UN solidifies the need for proactive cybersecurity measures on an international and policy-making level. To maintain effective healthcare cybersecurity that aligns with WHO and UN ransomware prevention, contact Sangfor today for information or visit www.sangfor.com.