Top NATO Allies Believe Cyberattacks on Hospitals Are an Act of War. They’re Still Struggling to Fight Back.

The health sector has become a prime target in the evolving landscape of hybrid warfare, where state‑backed actors blend cyber intrusion with disinformation and physical disruption. Recent ransomware incidents that crippled emergency rooms underscore how a single breach can cascade into life‑threatening delays, prompting citizens to equate these assaults with traditional acts of war. This perception is now reflected in a POLITICO poll, which shows a clear majority across NATO’s core members demanding a stronger, war‑like response to protect hospitals.

NATO’s current posture, however, is constrained by a complex web of international law, attribution challenges, and the alliance’s consensus‑driven decision‑making process. Determining the origin of a cyberattack often requires weeks of forensic analysis, while political considerations can delay collective retaliation. Moreover, member states differ on the threshold for invoking Article 5, leaving the alliance to rely largely on defensive measures, information sharing, and capacity‑building programs that fall short of the punitive response the public expects.

The growing disconnect between public opinion and NATO’s measured stance could catalyze a shift in policy. Pressure from governments and civil society may accelerate investments in joint cyber‑defense architectures, standardized incident‑response protocols for hospitals, and clearer rules of engagement that treat critical infrastructure attacks as hostile acts. Such reforms would not only reinforce deterrence but also signal to adversaries that the alliance is prepared to defend the very services that sustain societies during crises.