NATO Allies Say Cyberattacks on Hospitals Are Acts of War

Here’s something that might surprise you: if a foreign government launched a missile at a hospital, every NATO country would treat it as an act of war. But what happens when that same government takes down a hospital’s entire network with a cyberattack, putting patients’ lives at risk?

According to new polling from POLITICO, most people across NATO’s biggest member nations think cyberattacks on hospitals should carry the same weight as a physical attack. And honestly, they have a point.

What the Polling Found

The POLITICO Poll surveyed people in the United States, Canada, France, Germany, and the United Kingdom. The results were pretty clear: a majority of respondents in every country agreed that a cyberattack shutting down hospitals or power grids constitutes an act of war.

Canadians felt the strongest about it, with 73 percent agreeing. Respondents across all five countries also said that sabotaging undersea cables or energy pipelines should be treated as acts of war too. That’s notable because these types of attacks have become more frequent in recent years.

The Gap Between Public Opinion and Government Action

Here’s where things get frustrating. While the public sees these cyberattacks as clear-cut aggression, NATO governments have been slow to treat them that way. Cyber operations exist in this gray zone where traditional rules of warfare don’t quite apply, and attackers know it.

Russia and China have been the most prolific state-sponsored cyber actors targeting Western infrastructure. Russian-linked groups have hit hospitals during the pandemic, disrupted energy grids in Ukraine, and probed critical infrastructure across Europe. Chinese state hackers have been caught inside U.S. water systems, telecommunications networks, and power grids through campaigns like Volt Typhoon.

The problem isn’t that NATO can’t respond. U.S. Cyber Command and the National Security Agency have significant offensive capabilities. They reportedly helped disable Iranian air defense systems during missile strikes last year. The issue is that governments haven’t established clear red lines for when a cyberattack crosses the threshold from espionage into warfare.

Why Hospitals Are the Flashpoint

Hospitals are uniquely vulnerable, and that’s exactly why they keep getting targeted. When ransomware takes down a hospital network, it’s not just an inconvenience. Surgeries get delayed. Emergency rooms divert patients. Critical monitoring systems go offline. People can die.

In 2020, a ransomware attack on a German hospital forced an emergency patient to be rerouted to another facility 20 miles away. The patient died. While investigators couldn’t directly link the death to the cyberattack, it illustrated just how dangerous these incidents can be.

Since then, hospital cyberattacks have only gotten worse. The healthcare sector saw a record number of ransomware incidents in 2025, with attackers knowing that hospitals are more likely to pay ransoms because lives are literally on the line.

What Would Treating It as an Act of War Actually Mean?

This is the trillion-dollar question. If NATO officially classified cyberattacks on critical infrastructure as acts of war, it could theoretically trigger Article 5, the alliance’s collective defense clause. That would mean an attack on one member’s hospital network could require a military response from all 32 members.

NATO has already acknowledged that cyberattacks can trigger Article 5. Back in 2021, the alliance updated its policy to state that a significant cyberattack could be treated as an armed attack. But “significant” is doing a lot of heavy lifting in that sentence. Who decides what’s significant enough? A ransomware gang acting independently? A state-sponsored group with plausible deniability? Attribution in cyberspace is notoriously difficult.

Some experts argue that establishing clearer thresholds would actually deter attacks. Others worry it could escalate tensions, forcing military responses to incidents that might be better handled through diplomacy or sanctions.

Key Takeaways

• Public consensus is clear: Majorities across five NATO countries believe cyberattacks on hospitals and critical infrastructure should be considered acts of war.
• Governments lag behind: Despite growing threats from Russia and China, NATO allies still haven’t established clear red lines for cyber warfare.
• Hospitals remain prime targets: Healthcare cyberattacks hit record levels in 2025, with attackers exploiting the life-or-death urgency to extract ransoms.
• The deterrence question: Clearer classification of cyberattacks as warfare could deter adversaries, but raises questions about escalation and attribution.

Watch the Full Episode

For a deeper dive on national security threats and how adversaries target critical systems, check out this episode of The NDS Show: