During a United Nations Security Council briefing, U.S. Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger called out Russia for enabling ransomware attacks on the healthcare sector.
“The reality is that ransomware attacks on hospitals and healthcare systems are a serious threat to international peace and security,” Neuberger said. “They jeopardize lives; they destabilize societies.”
In 2022, the Northern Treaty Organization (NATO) warned that a significant cyber attack on a member country could trigger Article 5, which warrants using lethal force, blurring the lines between disruptive cyber attacks and kinetic strikes.
Russian ransomware attacks target US healthcare institutions
Neuberger noted that 51% of global ransomware attacks in the first half of 2024 targeted U.S. healthcare organizations, usually from cybercrime groups based in Russia. According to the HHS’ Office for Civil Rights, significant data breaches from ransomware attacks increased by 264% since 2018.
According to Neuberger, “Healthcare and emergency services is one of the top four most targeted sectors for ransomware attacks.” Ironically, Eduardo Conrado, the President of Ascension Healthcare, which was almost disrupted into oblivion by a Russian ransomware attack, graced the UN briefing.
Some of the most potent ransomware groups, such as DarkSide, responsible for the Colonial Pipeline ransomware attack; Black Basta, responsible for the Ascension hospitals ransomware attack; and LockBit and BlackCat, jointly attributed to 30% of all ransomware attacks on healthcare facilities, are based in Russia.
Similarly, various cybercrime groups, such as Conti ransomware and the Killnet DDoS group, have pledged allegiance to Russia and promised to support its Ukraine War effort. However, those groups usually avoid attacking Russia and Commonwealth of Independent States (CIS) members.
In 2021, U.S. President Joe Biden met with Russian leader Vladimir Putin to discuss the threat of Russian ransomware. During the meeting, Biden requested Putin to halt Russian ransomware attacks on U.S. targets, including those by non-state threat actors.
“I made it very clear to him (Putin) that the United States expects, when a ransomware operation is coming from his soil, even though it’s not sponsored by the state, we expect them to act if we give them enough information to act on who that is,” Biden said in a press briefing.
However, the meeting had limited impacts, and the subsequent Russian invasion of Ukraine dashed any hopes of any further cooperation.
During the briefing, Neuberger called out Russia for harboring cybercriminals instead of honoring its past commitments to crack down on cybercriminals launching ransomware attacks from its soil.
Neuberger highlighted the negative impacts of Russian ransomware attacks on healthcare facilities, which included increased patient stays at hospitals, diversion of ambulances, and increased mortality rates. The UN also says ransomware attacks undermine public trust in healthcare systems.
“I want to re-emphasize that last sentence. Health experts have estimated that ransomware attacks were responsible for the deaths of dozens of patients in the United States,” Neuberger said. “More recent data confirms that mortality rates at hospitals increase when a hospital has been disrupted by cyberattacks.”
The US envoy also enumerated other healthcare impacts of ransomware attacks, including hampered response to serious and infectious diseases like Mpox and COVID-19, cancelation of surgeries and other critical medical procedures, denial of access to life-saving supplies such as blood banks, and exposure of sensitive personal information.
Need for member states to counter ransomware attacks
Meanwhile, Neuberger advised countries to avoid following Russia’s bad example of protecting cybercriminals and adhere to the Framework for Responsible State Behavior in Cyberspace to safeguard global peace and security.
“The United States implores states not to follow Russia’s practice in protecting international cybercriminals, and reiterates our request for states to follow the Framework for Responsible State Behavior in Cyberspace as a matter of upholding international peace and security,” said Neuberger.
Nonetheless, Russia continues to enjoy significant support from U.S. adversaries like Iran and North Korea, who frequently take a page from the Kremlin’s playbook.
Warning that ransomware attacks were “detrimental to all of us,” the U.S. envoy stressed the need for UN Security members to call out and hold responsible member countries that aid or harbor cyber criminals on their soil, like Russia.
“When States act inconsistently with the framework, and knowingly allow ransomware actors to operate with impunity from their territories, responsible States should call out such irresponsible and destabilizing behavior and hold irresponsible actors to account,” said Neuberger.
To address the threat of ransomware attacks, Neuberger stressed the strength in numbers. A group of UN member countries launched a 68-member International Counter Ransomware Initiative to address the threat. Forty countries have also agreed to prevent their government agencies from paying ransom.
Neuberger also stressed the need for member countries to honor their commitments in addressing the ransomware threat.
The U.S. envoy also called out Russian entities, such as banks, for facilitating cybercrime by laundering the proceeds of crime: “Some money launderers for these top ransomware actors are Russia-based and utilize Russian banks or cryptocurrency exchanges to launder their ill-gotten gains.”
The joint statement was signed by three of the five permanent US Security Council members: the United States, the United Kingdom, and France, while Russia and China avoided appending their signatures.
