In dealing with cyber attacks against healthcare institutions, states should rely on international law and strengthen the obligation of due diligence.