The Covid-19 Pandemic has highlighted how important the healthcare sector is as critical infrastructure. It has also revealed how vulnerable the healthcare critical infrastructure is to malicious cyber operations. The number of cyber operations against the healthcare sector has increased substantially since the onset of the pandemic, seemingly unregulated by international law, particularly jus ad bellum. This paper argues that cyber operations that target or intend to target healthcare critical infrastructure should be treated as a use of force and armed attack because any intentional disruption to business continuity can and will cause physical harm and potential loss of life. Using the 2017 WannaCry Ransomware attack on the United Kingdom as a case study, this paper analyzes four approaches to classifying a cyber operation as a use of force and armed attack. The first approach is the Instrument Based Approach, which emphasizes a textual reading of the United Nations Charter. The second approach is the Strict Liability Approach, which treats all cyber operations against critical infrastructure as an armed attack. Third, the Effects Based Approach endorsed by the Tallinn Manual 2.0 on the International Law Applicable to Cyberspace, which emphasizes the scale and effect of a cyber operation. Fourth, the Cyber Physical System Approach, which emphasizes the intent of the attack. Finding these approaches insufficient, this paper advocates for a Healthcare Based Approach which would consider any cyber operation rising above the level of espionage on healthcare critical infrastructure as an armed attack.