In a significant development at the United Nations Headquarters, WHO Director-General Dr. Tedros Adhanom Ghebreyesus delivered a stark warning about the escalating cyber threats facing health systems worldwide, highlighting the urgent need for collective action to safeguard public health in an increasingly digital landscape.

In the session that was broadcast live, Dr. Tedros emphasized the essential vulnerability of hospital infrastructure to cyberattacks, particularly ransomware, pointing out the rising frequency of such incidents and their potentially lethal consequences. "Let's be clear right away," Dr. Tedros added, "ransomware and other cyberattacks on hospitals and health facilities are more than just security and confidentiality concerns. They might be life-or-death situations."

He mentioned a number of notable attacks, including a 2020 ransomware attack on Bruno University Hospital in Czechia that halted operations during the pandemic's early stages while another high-profile attack in 2021 targeted Ireland's Health Service Executive (HSE), significantly disrupting critical services.

The attack, which began with a phishing email, lasted two months and compromised nearly 80% of the HSE's data, making the national diagnostic imaging platform unusable.

"In such cases," he noted, "clinical staff often resort to paper-based processes to maintain baseline services," emphasizing the operational and clinical difficulties these attacks cause.

Dr. Tedros discussed the harmful logic that cybercriminals use. "Cybercrime groups operate on the logic that the greater the threat to patient safety, confidentiality, and service disruption, the greater the ransom they can demand," he informed.

Health facilities often succumb to ransom demands due to concerns about patient safety, despite the uncertainty of decrypting data or preventing further attacks.

Dr. Tedros went on to say that recent polls showed that more than one-third of healthcare organisations globally faced ransomware assaults in 2021 alone and that even among those who paid ransoms, 31% were unable to restore access to their data.

Cyber dangers in healthcare are spreading beyond hospitals to encompass the entire biomedical supply chain. We detected vulnerabilities in 17 biomedical companies that produce COVID-19 vaccines and conduct clinical trials. 

These attacks jeopardise not only patient treatment but also public trust in critical healthcare infrastructure. "Such breaches," he said, "undermine trust in the health system on which people depend and can lead to devastating consequences." 

In collaboration with the United Nations and other partners, the World Health Organization is actively working to help countries strengthen their healthcare systems against cyber threats. "In December last year, WHO convened experts in Geneva to develop strategies to address cybersecurity threats, especially in resource-constrained settings," Dr. Tedros disclosed.

This program identified crucial obstacles like decision-makers' insufficient grasp of ransomware dangers, complicated health IT infrastructure, and a significant global scarcity of cybersecurity personnel.

These inadequacies leave healthcare institutions ill-equipped to combat increasingly complex cyber attacks. Dr. Tedros emphasised that improving cybersecurity involves more than just technology; it also requires governance and training.

WHO's latest studies, prepared in conjunction with Interpol, the United Nations Office on Drugs and Crime (UNODC), and other organisations, provide advice on improving health-care system resilience.

He urged member nations to implement complete cyber maturity policies, including making cybersecurity a major component of digital health budgets and avoiding unsupported software, which is particularly vulnerable to attacks.

He emphasized the importance of early detection of cyber intrusions, stating, "Most attacks are discovered only months after they occur, and by then, the damage has been done." However, Dr. Tedros cautioned that technology alone is insufficient to prevent cyber dangers. "Our mindset must change radically," he insisted.

"Humans perpetrate ransomware attacks, and it is humans who can stop them." He emphasized the necessity of training healthcare workers to recognize and respond to cybersecurity threats, claiming that humans are "both the weakest and strongest links." This strategy is increasingly important as artificial intelligence's involvement in cyber threats and defences expands.

Dr. Tedros finished by urging further international cooperation to combat the transnational nature of cybercrime. "Viruses do not respect boundaries, and neither do cyberattacks.

"International cooperation is therefore essential," he stated, citing WHO's new programs such as the Global Initiative on Digital Health and the Global Initiative on AI for Health, which promote cross-border collaboration.

Dr. Tedros addressed the Security Council, encouraging the organisation to use its role under the UN Charter to address cybersecurity as a matter of global security. "Just as you have used your mandate to adapt resolutions on matters of physical security, we ask you to consider using that same mandate to strengthen global cybersecurity and accountability," he said.

Pointing out that WHO strives to support its member states in maintaining global health systems through a comprehensive strategy that incorporates technological, human, and international components, the WHO Director General emphasised the critical need for robust healthcare systems in an age of constant cyber threats. As healthcare becomes more digitized, cyber intrusions can have a direct impact on people's lives, not just their data.