U.S. calls out Russia for enabling healthcare cyberattacks

U.S. Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger highlighted the prevalence of healthcare cyberattacks and pointed out Russia's role in perpetuating ransomware attacks against the sector at a United Nations Security Council briefing held on Nov. 8, 2024.

"The reality is that ransomware attacks on hospitals and healthcare systems are a serious threat to international peace and security," Neuberger said. "They jeopardize lives; they destabilize societies."

Neuberger cited ransomware data from the U.S. intelligence community, noting that 51% of global ransomware attacks in the first half of 2024 were against U.S. victims. What's more, healthcare and emergency services remains one of the top four most targeted sectors for ransomware.

This problem is exacerbated by the fact that some countries, such as Russia, are continuing to allow ransomware actors to operate from their territory without consequences, Neuberger suggested.

In 2021, President Biden met with President Putin to ask that Putin rein in ransomware attacks on U.S. targets, including in instances where the attack is not state-sponsored, but is still carried out on Russian soil.

Rather than honoring its U.N. commitments, Neuberger said, Russia continues to harbor cybercriminals.

For example, Black Basta, the ransomware group that claimed responsibility for a cyberattack against Ascension hospitals in May 2024, has ties to Russia. Additionally, the developer of LockBit, who now faces criminal charges, is a Russian national. As Russia-based cyberthreat actors continue to freely perpetrate attacks, the healthcare sector is continuing to face the consequences.

Neuberger stressed the negative effects that a cyberattack can have on a healthcare organization and its surrounding community, including ambulance diversions, increased lengths of stay for patients, and even increased mortality rates.

Neuberger urged other countries "not to follow Russia's practice in protecting international cybercriminals."

"We issue today a call to action: countries that experience a ransomware attack against a hospital should inform the country of origin of the attack and request that they take action in line with their U.N. commitments regarding responsible state behavior in cyberspace," Neuberger said.

A separate joint statement delivered on Nov. 8, 2024, by Neuberger on behalf of dozens of U.N. member states formally affirmed the shared commitment to these principles.

"When States act inconsistently with the framework, and knowingly allow ransomware actors to operate with impunity from their territories, responsible States should call out such irresponsible and destabilizing behavior and hold irresponsible actors to account," the joint statement asserted. "The increasing threat of ransomware is detrimental to all of us."

Despite the troubling trends, progress in coordinating a global response to ransomware threats has been made in this space in recent years. For example, in 2021, a coalition of 68 international member states came together to form the International Counter Ransomware Initiative. Through the CRI, members focus on jointly addressing ransomware attacks on a global level and improving critical infrastructure security.

The joint statement confirmed that U.N. members will continue to use the CRI and other international collaboration efforts to combat ransomware attacks against healthcare organizations.

Jill McKeon has covered healthcare cybersecurity and privacy news since 2021.