By: Kate Fazzini

Another wave of ransomware against hospitals and health systems this year — disrupting care, diverting ambulances, and exposing patient data — has revived the argument that healthcare cybersecurity can no longer be treated as voluntary.

A Council on Foreign Relations analysis pressed for mandatory baseline standards tied to the sector's status as critical infrastructure, paired with support for the under-resourced rural and community providers that attackers increasingly target. The piece stressed that ransomware in healthcare is not merely a data-protection problem; it is a patient-safety problem, which changes the calculus for regulation.

Journal of Law and Cyber Warfare (JLCW) authors made this case early. "The Ransomware Assault on the Healthcare Sector" (Volume 6, Issue 2) laid out why the sector's mix of legacy systems, life-critical uptime requirements, and rich data makes it a standing target, and why breach-notification safe harbors and security baselines matter here more than almost anywhere else.

For the full treatment, see the Journal of Law and Cyber Warfare, Volume 6, Issue 2. – Kate Fazzini