The United States notes with concern the warning from the Czech Republic’s National Cyber and Information Security Agency of a “real threat of serious cyber attacks” against its healthcare sector. As the world battles the COVID-19 pandemic, malicious cyber activity that impairs the ability of hospitals and healthcare systems to deliver critical services could have deadly results. Anyone that engages in such an action should expect consequences. We call upon the actor in question to refrain from carrying out disruptive malicious cyber activity against the Czech Republic’s healthcare system or similar infrastructure elsewhere. We also call upon all states not to turn a blind eye to criminal or other organizations carrying out such activity from their territory.

The United States has zero tolerance for malicious cyber activity designed to undermine U.S. and international partners’ efforts to protect, assist, and inform the public during this global pandemic. Such activity against critical civilian infrastructure is deeply irresponsible and dangerous. The United States promotes a framework of responsible state behavior in cyberspace, including nonbinding norms regarding states refraining from cyber activities that intentionally damage critical infrastructure and knowingly allowing their territory to be used for malicious cyber activities. When states do not abide by this framework, we hold them accountable.