The International Red Cross is the lead signatory on a letter released today calling for an end to cyberattacks on healthcare and medical research facilities during the COVID-19 pandemic.

The letter was initiated by the nongovernmental organization CyberPeace Institute and co-signed by 42 prominent people, including Microsoft Corp. President Brad Smith and former U.S. Secretary of State Madeleine Albright. It follows multiple cyberattacks targeting the sector.

Cyberattacks on the healthcare sector are said in the letter to jeopardize human lives and that governments should take “immediate and decisive action” to stop them. “We are hoping that the world’s governments will step up to affirm their commitments to the international rules that prohibit such actions,” wrote Peter Maurer, head of state of the International Committee of the Red Cross.

Attacks on the healthcare sector during the coronavirus pandemic include a ransomware attack on Fresenius SE & Co. KGaA, Europe’s largest private hospital operator and attacks on the Champaign Urbana Public Health District and Brno University Hospital in March. The latter attack was particularly notable because the hospital in the Czech Republic was tasked with testing and treating COVID-19 patients.

A call from within some in the cybercriminal community urging others to not take advantage of the pandemic March 19 was ignored, as the number of attacks rose in the following weeks.

“While the pleas put forth by these organizations are commendable, it is doubtful they will make any impact in the attacks on health care facilities or employees,” Erich Kron, security awareness advocate at security awareness training firm KnowBe4 Inc., told SiliconANGLE. “While the national governments in the countries where some of these gangs live might possibly attempt to crack down on these criminals, unfortunately in many cases, the corrupt local governments or police forces will provide them with ample warning so as not to be hindered by any enforcement actions.”

Chris Clements, vice president of solutions architecture at IT service management company Cerberus Sentinel ,was also skeptical of the call.

“Protection from malicious computer attacks is not something that you can just flip a switch and resolve, it must start months or even years in advance,” Clements said. “Further, government’s ability to protect organizations is quite limited. They could provide monetary grants to be used specifically for information security products and services, but those can be hard for already stressed medical IT staff to quickly implement.”

Photo: Unsplash