Call to governments: Work together to stop cyber attacks on health care
On Tuesday, Peter Maurer added his name to a list of more than 40 international leaders calling on the world's governments to take immediate and decisive action to prevent and stop cyber attacks that target hospitals, health care, research organizations, and international authorities providing critical care and guidance in the midst of the ongoing COVID-19 pandemic.
The signatories come from across government, industry, international and non-governmental organizations and academia and demand that governments work together, including at the United Nations, to reaffirm and recommit to international rules that prohibit such actions.
Attacks on health care are unthinkable - and frankly outrageous - especially during the #COVID pandemic.— Peter Maurer (@PMaurerICRC) May 26, 2020
Today we are calling on States to assert in unequivocal terms: cyber operations against healthcare facilities are unlawful and unacceptable. pic.twitter.com/IMf5pNJJub
The call follows cyber attacks in recent weeks against medical facilities, including in the Czech Republic, France, Spain, Thailand, and the United States, international organizations such as the World Health Organization, and other health authorities.
This additional threat to medical facilities comes at a time when the ICRC has recorded more than 200 physical incidents of violence against health workers and facilities linked to COVID-19, across more than 13 countries, since the beginning of the pandemic. These are just the attacks we know about; the actual numbers are likely much higher.
A call to governments: Work together to stop cyber attacks on health care
We call on the world's governments to take immediate and decisive action to stop all cyber attacks on hospitals, health care and medical research facilities, as well as on medical personnel and international public health organizations. To this end, governments should work together, including at the United Nations, to reaffirm and recommit to international rules that prohibit such actions.
Over the past weeks, we have witnessed attacks that have targeted medical facilities and organizations on the front line of the response to the COVID-19 pandemic. These actions have endangered human lives by impairing the ability of these critical institutions to function, slowing down the distribution of essential supplies and information, and disrupting the delivery of care to patients. With hundreds of thousands of people already perished and millions infected around the world, medical care is more important than ever. This will not be the last health crisis. For now and for the future, governments should assert in unequivocal terms: cyber operations against health care facilities are unlawful and unacceptable.
We don't tolerate attacks on health infrastructure in the physical world, and we must not tolerate such attacks in cyberspace – whether in time of peace or in time of conflict. We stand with the International Committee of the Red Cross in support of its call to protect medical services or medical facilities against cyber attacks of any kind. We call on governments to work together, and to join forces with civil society and the private sector, to ensure that medical facilities are respected and protected, and to hold perpetrators accountable. Above all, governments should take action and stop cyber attacks on hospitals and medical facilities. The time to act is now.
The cyber attacks range from ransomware operations, aimed at crippling primary and urgent care networks in exchange for payouts, to disinformation campaigns aimed at undermining and disrupting wider elements of the response to the pandemic, including testing and vaccine research facilities. Where successful, these attacks have interrupted the provision of health care and put additional costs on health-care providers. They underline the vulnerability of this sector to cyber attacks at a time when medical care is needed more than ever.
Recent cyber attacks against medical facilities underline a concern the ICRC has raised for some time: medical facilities are particularly vulnerable to hostile or malicious cyber operations. In times of health crisis – pandemics or armed conflicts – hospitals are needed more than ever.
Cyber operations that disrupt hospital computers, medical supply chains, or medical devices, risk interrupting the provision of health care and pose great risk to those seeking medical care. If hospitals are no longer functioning, life-saving treatment will not be available.
Letter in today's @Guardian from international leaders calling on governments to prevent & stop cyber attacks against health-care facilities.— Helen Alderson (@HAldersonICRC) May 26, 2020
Hard to believe, but in recent weeks we've seen cyber attacks against medical facilities and orgs on frontline of #Covid19 response pic.twitter.com/Ozr2QEpBqd
The protection of medical facilities during armed conflict is at the heart of international humanitarian law. The Geneva Conventions leave no doubt: medical facilities and their staff must be respected and protected. Belligerents must not harm medical infrastructure through cyber operations and must take great caution to avoid incidental harm caused by such operations.
Societies are digitalizing, and cyber operations have become a reality of today's armed conflicts. With an increasing number of States developing military cyber capabilities, cyber operations are expected to increase. The threat to the health-care sector during the current pandemic must be a wake-up call to address the threats that cyber attacks against health-care facilities may pose in future.
- Dapo Akande, Professor of Public International Law, University of Oxford
- Madeleine Albright, Former Secretary of State, United States
- Ban Ki-moon, Former Secretary General of the United Nations
- Lakhdar Brahimi, Former Foreign Minister, Algeria
- John Bruton, Former Taoiseach, Ireland
- Fernando Henrique Cardoso, Former President, Brazil
- Margaret Chan, Former Director-General, World Health Organization
- Eva Chen, Chief Executive Officer, Trend Micro
- Stephane Duguin, Chief Executive Officer, CyberPeace Institute
- Mohamed ElBaradei, Former Director General of the International Atomic Energy Agency (Nobel Peace Prize Laureate)
- Beatrice Fihn, Executive Director of the International Campaign to Abolish Nuclear Weapons (Nobel Peace Prize Laureate)
- Mikhail Gorbachev, Former President, Soviet Union (Nobel Peace Prize Laureate)
- Gro Harlem Brundtland, Former Director General, World Health Organization
- Zhixiong Huang, Professor of International Law, Wuhan University
- Igor Ivanov, Former Foreign Minister, Russia
- Ellen Johnson Sirleaf, Former President, Liberia (Nobel Peace Prize Laureate)
- Eugene Kaspersky, Chief Executive Officer, Kaspersky
- Khoo Boon Hui, Former President, INTERPOL
- Larry Kramer, President, William and Flora Hewlett Foundation
- Ricardo Lagos, Former President, Chile
- Doris Leuthard, Former President of the Swiss Confederation
- Adrian Lovett, President and Chief Executive Officer, World Wide Web Foundation
- Susana Malcorra, Former Foreign Minister, Argentina
- Peter Maurer, President, International Committee of the Red Cross
- Daniel Mitov, Former Foreign Minister, Bulgaria
- Eduardo Montealegre, Former Foreign Minister, Nicaragua
- Marty Natalegawa, Former Foreign Minister, Indonesia
- Nandan Nilekani, Non-Executive Chairman of the Board, Infosys
- Ngozi Okonjo-Iweala, Former Finance Minister, Nigeria
- Maia Panjikidze, Former Foreign Minister, Georgia
- Zeid Ra'ad Al Hussein, Former UN High Commissioner for Human Rights
- Sir Richard J. Roberts, Chief Scientific Officer, New England Biolabs (Nobel Laureate in Physiology or Medicine)
- Francesco Rocca, President, International Federation of Red Cross and Red Crescent Societies
- Julio María Sanguinetti, Former President, Uruguay
- Juan Manuel Santos, Former President, Colombia (Nobel Peace Prize Laureate)
- Samir Saran, President, Observer Research Foundation
- Marietje Schaake, Former Member of the European Parliament
- Michael Schmitt, Professor of International Law, University of Reading
- Wendy Sherman, Former Under Secretary of State for Political Affairs, United States
- Brad Smith, President, Microsoft
- Helle Thorning Schmidt, Former Prime Minister, Denmark
- Desmond Tutu, Archbishop Emeritus of Cape Town (Nobel Peace Prize Laureate)
- Danilo Türk, Former President, Slovenia
- Lech Wałęsa, Former Polish President (Nobel Peace Prize Laureate)
- Sir Graham Watson, Former Member of the European Parliament, UK
- Harold F. Wolf III, Chief Executive Officer, Healthcare Information and Management Systems Society
- Ernesto Zedillo, Former President, Mexico