Public Law Studies Quarterly

Current Issue

By Issue

By Author

Author Index

Keyword Index

Journal About

Editorial Board

Journal Aim Scope

News

Journal FAQ

Journal Links

Guide for Authors

Author Guidelines for Manuscript Submission

Reviewers List

Cyberattacks on Healthcare Infrastructure from the Perspective of International Law

Articles in Press

Document Type : Article

Authors

1 Ph.D. Student in International Law, Faculty of Law and Political Science, Tehran University, Tehran, Iran.

2 Prof., Department of Law, Faculty of Humanities, Bu-Ali Sina University, Hamedan, Iran.

10.22059/jplsq.2025.386188.3639

Abstract

Today, there is no doubt that technology has strengthened the realization of the right to health; however, it has also led to violations and weakening of this right, exposing the world to an increasing risk of cyberattacks. Healthcare programs and medical data are significantly more sensitive and complex than many other types of data and programs, necessitating a high level of protection. Nevertheless, the rise in cyberattacks targeting healthcare and medical facilities is accelerating, with substantial impacts on the provision of healthcare services globally. Consequently, the healthcare industry has lagged behind other industries in protecting its most critical stakeholders (patients), and hospitals must now invest considerable capital and effort to safeguard their systems. In examining cyberattacks, it is essential to distinguish between two categories of such attacks: those reaching the threshold of the use of force and those that do not. Thus, the rules governing these attacks can be categorized and differentiated into two frameworks: peacetime and armed conflict. Therefore, this article employs a descriptive-analytical approach and relies on a library-based method of data collection to address the question of what legal rules govern such attacks.

Keywords

Main Subjects

References

  1.  English

    1. A) Books
    2. Clemente, D. (2013). Cyber Security and Global Interdependence: What Is Critical?. London: Chatham House.
    3. International Group of Experts at the Invitation of the NATO Cooperative Cyber Defence Centre of Excellence. (2013). Tallinn Manual 1.0 on the International Law Applicable to Cyber Warfare. Cambridge University Press.
    4. International Group of Experts at the Invitation of the NATO Cooperative Cyber Defence Center of Excellence. (2017). Tallinn Manual 2.0 On The International Law Applicable To Cyber Operation, Cambridge University Press.
    5. Lehto, M. (2022). Cyber-Attacks Against Critical Infrastructure. In book: Lehto, M.; & Neittaanmäki, P. (Eds.), Cyber Security: Critical Infrastructure Protection. Springer. Computational Methods in Applied Sciences, Vol. 56, 3-42.
    6. Liivoja, R.; & McCormack, T. (2013). Law in Virtual Battlespace: The Tallinn Manual and the jus in bello. Vol. 15. Yearbook of International Humanitarian Law,
    7. Roscini, M. (2014). Cyber Operations and the Use of Force in International Law. Oxford University Press.
    8. Taubman, C.; Hart, A.; Hertelendy, A.; Tin, D.; Hata, R.; & Ciottone, G.R. (2023). Reviewing the Health Care Impacts of Attacks on Critical Infrastructure. In book: Prehospital and Disaster Medicine, Vol. 38, No. 5, Cambridge University Press, 660-667.

     

    1. B) Articles
    2. Adebukola, A., Navya, A., Jordan, F., Jenifer, N., & Richard D., B. (2022). Cyber Security as a Threat to Health Care. Journal of Technology and Systems, 4 (1), 32 – 64.
    3. Argaw, S. T., Troncoso-Pastoriza, J. R., Lacey, D., Florin, M.-V., Calcavecchia, F., Anderson, D., Burleson, W., Vogel, J-M., O’Leary, C., Eshaya-Chauvin, B., & Flahault, A. (2020). Cybersecurity of Hospitals: discussing the challenges and working towards mitigating the risks. BMC Medical Informatics and Decision Making, 20(1), 1-10.
    4. Burke, W., Stranieri, A., Oseni, T., & Gondal, I. (2024). The need for cybersecurity self-evaluation in healthcare. BMC Medical Informatics and Decision Making, 24, 133, 1-15.
    5. Chon, A., Dave, C., & Ronald, R. S. (2019). Muddling through cybersecurity: Insights from the U.S. healthcare industry. Business Horizons, 62(4), 539-548.
    6. Hartlev M. (2013). Equal Access to Healthcare on a Non-Discriminatory Basis-Reality or Aspiration. European Journal of Health Law, 20(4), 343-346.
    7. Kulkarni, V. P. (2025). Cybercrime in healthcare: Legal frameworks for prevention and enforcement. International Journal of Law, 11(4), 30-35.
    8. Lis, P., & Mendel, J. (2019). Cyberattacks on critical infrastructure: an economic perspective. Economics and Business Review, 5(19), No. 2, 24-47.
    9. Nandy, M., & Dubey, A.. (2024). Public Health Care Cybersecurity Challenges and Solutions for Cyber-Attacks on Critical Health Infrastructure. South Eastern European Journal of Public Health, 322–326.
    10. Nelson, C.J., Soisson, E.T., Li, P.C., Lester-Coll, N.H., Gagne, H., Deeley, M.A., Anker, C.J., Ann Roy, A., & Wallace, H.J. (2022). Impact of and Response to Cyberattacks in Radiation Oncology. Advances in Radiation Oncology, 7 (5), 1-7.
    11. Orzechowski, M., Nowak, M., Bielińska, K., Chowaniec, A., Doričić, R., Ramšak, M., Muzur, A., Zupanič-Slavec, Z., & Florian, S.. (2020). Social diversity and access to healthcare in Europe: how does European Union’s legislation prevent from discrimination in healthcare?. BMC Public Health, 20, 1399, 1-10.
    12. Schwendimann, F. (2011). The legal framework of humanitarian access in armed conflict. International Review of the Red Cross, 93(884), 993-1008.
    13. Yustina, EW., & Kusumaningrum, (2019). The Principle of Non-Discrimination in Health Services in the Perspective of Government Responsibility.Untag law review (ULREV), 3(2), 188-198.

     

    1. C) Thesis
    2. Valo, J. (2014). Cyber Attacks and the Use of Force in International Law. Master's Thesis. Supervisor: LL.D. Jarna Petman. Helsinki: University of Helsinki, Faculty of Law, January 2014.

     

    1. D) Cases
    2. (1986). Military and Paramilitary Activities in and against Nicaragua (Nicaragua v. USA), Judgment. Retrieved November 16, 2024 from https://www.icj-cij.org/case/70
    3. (1996). Legality of the Threat or Use of Nuclear Weapons, Advisory Opinion. Retrieved November 16, 2024 from https://www.icj-cij.org/case/95
    4. (1999). The Tadić case (IT-94-1-A), Appeals Chamber, Judgment, 15 July 1999. Retrieved November 19, 2024 from https://www.icty.org/en/case/tadic

     

    1. E) Conventions & Documents
    2. Additional Protocol Concerning the Criminalization of Acts of a Racist and Xenophobic Nature Committed through Computer System. (2003). Retrieved November 17, 2024 from https://rm.coe.int/168008160f
    3. Constitution of the World Health Organization (1946). Retrieved September 12, 2024 from https://treaties.un.org/doc/Treaties/1948/04/19480407%2010-51%20PM/Ch_IX_01p.pdf
    4. Convention (I) for the Amelioration of the Condition of the Wounded and Sick in Armed Forces in the Field. )1949). Geneva, 12 August 1949. Retrieved November 19, 2024 from https://ihl-databases.icrc.org/en/ihl-treaties/gci-1949?activeTab=1949GCs-APs-and-commentaries
    5. Convention (II) for the Amelioration of the Condition of Wounded, Sick and Shipwrecked Members of Armed Forces at Sea. )1949). Geneva, 12 August 1949. Retrieved November 19, 2024 from https://ihl-databases.icrc.org/en/ihl-treaties/gcii-1949?activeTab=1949GCs-APs-and-commentaries
    6. Convention (III) relative to the Treatment of Prisoners of War. (1949). Geneva, 12 August 1949. Retrieved November 19, 2024 from https://ihl-databases.icrc.org/en/ihl-treaties/gciii-1949?activeTab=1949GCs-APs-and-commentaries
    7. Convention (IV) relative to the Protection of Civilian Persons in Time of War. )1949). Geneva, 12 August 1949. Retrieved November 19, 2024 from https://ihl-databases.icrc.org/en/ihl-treaties/gciv-1949
    8. Convention on Cybercrime (Budapest Convention). (2001). Council of Europe. European Treaty Series – No. 185., Entered into Force on 1 July Retrieved November 17, 2024 from https://rm.coe.int/1680081561
    9. Customary international humanitarian law (IHL). (2005). Retrieved November 19, 2024 from https://ihl-databases.icrc.org/en/customary-ihl
    10. Draft articles on Responsibility of States for Internationally Wrongful Acts. (2001). Retrieved November 19, 2024 from https://legal.un.org/ilc/texts/instruments/english/commentaries/9_6_2001.pdf
    11. European Convention on Human Rights. (1950). Retrieved September 12, 2024 from https://www.echr.coe.int/documents/d/echr/convention_ENG
    12. Human Rights Committee. (1984). General Comment No 14. Retrieved November 17, 2024 from https://www.ohchr.org/sites/default/files/Documents/Issues/Women/WRGS/Health/GC14.pdf
    13. International Humanitarian Law and the Challenges of Contemporary Armed Conflicts, official working document of the 31st International Conference of the Red Cross and Red Crescent, 28 November–1 December 2011, Doc. 31IC/11/5.1.2. Retrieved November 19, 2024 from http://www.rulac.org/assets/downloads/2011_Contemporary_Challenges_report.pdf
    14. International Covenant on Civil and Political Rights. (1966). Retrieved September 12, 2024 from https://www.ohchr.org/sites/default/files/ccpr.pdf
    15. International Covenant on Economic, Social and Cultural Rights. (1966). Retrieved September 12, 2024 from https://www.ohchr.org/sites/default/files/cescr.pdf
    16. International Health Regulations (2005). Retrieved May 23, 2025 from https://iris.who.int/bitstream/handle/10665/246107/9789241580496-eng.pdf
    17. (2011). International legal protection of human rights in armed conflict. New York: United Nations. Retrieved November 17, 2024 from https://www.ohchr.org/sites/default/files/Documents/Publications/HR_in_armed_conflict.pdf
    18. Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of International Armed Conflicts (Protocol 1). (1977). Retrieved November 14, 2024 from https://www.un.org/en/genocideprevention/documents/atrocity-crimes/Doc.34_AP-I-EN.pdf
    19. Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protection of Victims of Non-International Armed Conflicts (Protocol II). (1977). Retrieved November 14, 2024 from https://www.icrc.org/sites/default/files/external/doc/en/assets/files/other/icrc_002_0321.pdf
    20. Resolution 2341. (2017). Adopted by the Security Council at its 7882nd meeting on 13 February 2017. Retrieved November 15, 2024 from https://documents.un.org/doc/undoc/gen/n17/038/57/pdf/n1703857.pdf
    21. Rome Statute of the International Criminal Court. (1998). Retrieved November 19, 2024 from https://www.icc-cpi.int/sites/default/files/2024-05/Rome-Statute-eng.pdf
    22. Saint Petersburg Declaration. (1868). Retrieved November 16, 2024 from https://ihl-databases.icrc.org/en/ihl-treaties/st-petersburg-decl-1868
    23. United Nations Charter. (1945). Retrieved September 12, 2024 from https://www.un.org/en/about-us/un-charter/full-text
    24. United nations office of Counter-Terrorism; United nations security council Counter-Terrorism Committee Executive Directorate (CTED); INTERPOL. (2022) The Protection of Critical Infrastructure Against Terrorist Attacks, Compendium of Good Practices 2022 Update. Retrieved November 16, 2024 from https://www.un.org/counterterrorism/sites/www.un.org.counterterrorism/files/2225521_compendium_of_good_practice_web.pdf
    25. Universal Declaration of Human Rights. (1948). Retrieved September 12, 2024 from https://www.un.org/sites/un2.un.org/files/2021/03/udhr.pdf

     

    1. F) Websites
    2. Aydogan, M. (2024). Ransomware attacks on hospitals are 'issues of life and death,' warns WHO chief. Anadolu Ajansi. Retrieved November 10, 2024 from https://www.aa.com.tr/en/world/ransomware-attacks-on-hospitals-are-issues-of-life-and-death-warns-who-chief/3388792
    3. Cimpanu, C. (2018). CenturyLink outage takes down several 911 emergency services across the US. ZDNET. Retrieved November 12, 2024 from https://www.zdnet.com/article/centurylink-outage-takes-down-several-911-emergency-services-across-the-us/
    4. Council of Europe. (n.d). What are human rights?. Council of Europe. Retrieved June 6, 2025 from https://www.coe.int/en/web/portal/what-are-human-rights
    5. (n.d.). Why Medical Records are 10 Times More Valuable Than Credit Card Info. Cyberpolicy. Retrieved May 23, 2025 from https://www.cyberpolicy.com/cybersecurity-education/why-medical-records-are-10-times-more-valuable-than-credit-card-info
    6. (n.d). “Types Of Cyber Attacks”. Fortinet. Retrieved May 20, 2025 from https://www.fortinet.com/resources/cyberglossary/types-of-cyber-attacks
    7. Humer, C.; & Finkle, J. (2014). Your medical record is worth more to hackers than your credit card. Reuters. Retrieved May 23, 2025 from https://www.reuters.com/article/technology/your-medical-record-is-worth-more-to-hackers-than-your-credit-card-idUSKCN0HJ21I/;
    8. (n.d). Human Rights applicable in armed conflicts. casebook.icrc. Retrieved May 20, 2025 from https://casebook.icrc.org/a_to_z/glossary/human-rights-applicable-armed-conflicts
    9. Kumar, N. (2024). How Many IoT Devices Are There (2025-2030 Data). Demandsage. Retrieved May 20, 2025 from https://www.demandsage.com/number-of-iot-devices/
    10. Martin, G.; Martin, P.; Hankin, C.; Darzi, A.; & Kinross, J. (2017). Cybersecurity and healthcare: how safe are we? BMJ. Retrieved November 20, 2024 from https://www.bmj.com/content/358/bmj.j3179
    11. (2023). Special Rapporteur on the Right to Health Says Digital Innovation Has Strengthened the Right to Health for Some, but Warns it Could Enable Violations and Undermine this Right. OHCR. Retrieved November 5, 2023 from https://www.ohchr.org/en/news/2023/06/special-rapporteur-right-health-says-digital-innovation-has-strengthened-right-health.
    12. (n.d). What are human rights?. United Nations. Retrieved June 6, 2025 from https://www.ohchr.org/en/what-are-human-rights#:~:text=Human%20rights%20are%20rights%20we,of%20international%20human%20rights%20law
    13. Rojas, R.; McGee, J.; Lee. E.; & Cavendish, S. (2020). When Nashville Bombing Hit a Telecom Hub, the Ripples Reached Far Beyond. New York Times. Retrieved June 5, 2023 from https://www.nytimes.com/2020/12/29/us/nashville-bombing-telecommunications.html
    14. The United Nations Office at Geneva. (2024). Cyberattacks on healthcare: A global threat that can’t be ignored. UNGENEVA. Retrieved November 10, 2024 from https://www.ungeneva.org/en/news-media/news/2024/11/100103/cyberattacks-healthcare-global-threat-cant-be-ignored
    15. Zabel, L. (2014). The Value of Personal Medical Information: Protecting Against Data Breaches. National Association of Healthcare Access Management (naham). Retrieved May 23, 2025 from https://www.naham.org/page/ConnectionsThe-Value-of-Personal-Medical-Information
Public Law Studies Quarterly

Articles in Press, Accepted Manuscript
Available Online from 23 August 2027
Files
History
  • Receive Date: 30 November 2024
  • Revise Date: 25 May 2025
  • Accept Date: 04 August 2025
Share
How to cite
Statistics