Cybersecurity, Coronavirus, International Law, Power & Security Note to Nations: Stop Hacking Hospitals
Basic Page Sidebar Menu Perry World House
April 6, 2020
By
Christian Ruhl | Foreign Policy
In the early morning of March 14, the public announcement system of the Brno University Hospital in the Czech Republic broadcast an urgent message to all staff: Shut down your computers. As physicians and other health care workers responded to the coronavirus pandemic, the hospital was hit by a cyberattack. Brno, which houses one of the country’s biggest COVID-19 testing labs, had to take its entire IT system offline, cancel surgeries, and move patients to other hospitals.
The cyberattack threatened not only the lives of patients but also the broader fight against the coronavirus. Though the attack was thwarted quickly, it was a canary in a digital coal mine. Just one day later, on March 15, a cyberattack hit the U.S. Department of Health and Human Services—aiming to overload its servers. Hackers linked to Iran have reportedly been targeting World Health Organization staff since March 2 with phishing attacks as the organization has been in the midst of its response to the crisis. Russia, China, and North Korea are each taking advantage of the pandemic in their cyber-espionage operations—sending coronavirus-related phishing attempts to spread disinformation and gain access to servers—and U.S. officials have warned about foreign information campaigns stoking the flames of the crisis by sowing fears about a nationwide quarantine and spreading conspiracies that the virus originated with the U.S. military.
At a moment when medical systems are straining to respond to the coronavirus, the world must finally take steps to protect health infrastructure from cyberattacks. To do so, leaders can leverage the burgeoning movement to create so-called cyber-norms—shared international rules to build trust and stability online. Like those who decades ago created restrictions on attacks against those caring for the ill and wounded in war, we must today institute shared rules against attacks on critical infrastructure to protect our health care systems before it’s too late.
