The Oxford Institute for Ethics, Law and Armed Conflict (ELAC) is pleased to announce that it has published the final report for the project ‘The International Law Protections against Cyber Operations Targeting the Healthcare Sector’, which was supported by the Government of Japan. Since the start of the COVID-19 pandemic, there has been a marked global increase in cross-border malicious cyber operations against the healthcare sector. The targets of these operations include hospitals and other healthcare providers, research institutes and pharmaceutical companies, medical suppliers and distributors, health ministries and regulators, the World Health Organization, and even the public. These operations have variously disrupted the provision of healthcare, compromised sensitive digital information, and have brought about the spread of false health-related information––all hindering public health.
Against this backdrop, the report seeks to clarify the applicability of existing rules of international law to various kinds of cyber operations facing the healthcare sector. The focus of the report is the international rules applicable to state conduct in peacetime, namely the prohibition of the threat or use of force under Article 2(4) of the UN Charter and under customary international law, the customary prohibition of intervention in the internal or external affairs of a state, the prohibition of other relevant conduct as a consequence of the sovereignty of a state over its territory, and relevant obligations under international human rights law, that is obligations relating to the right to life, the right to health, the right to privacy, and the rights to freedom of expression and information. While cyber operations in the healthcare context may not always be easily found to be in breach of some rules or regimes of international law, they may nevertheless involve the breach of other relevant rules or regimes.
The report was authored by Priya Urs, Talita Dias, Antonio Coco and Dapo Akande.