The health-care system in Canada is facing an urgent need to adopt stronger security practices, as cyberattacks continue to escalate across the country. Experts warn that these attacks, including data breaches and ransomware incidents, are becoming increasingly common and pose a significant threat to the integrity of health information systems.
According to an article published in the Canadian Medical Association Journal, Canada has witnessed at least 14 major cyberattacks targeting health information systems since 2015. These attacks have resulted in significant disruptions, such as the recent ransomware attack on five Ontario hospitals and their IT provider, leading to the postponement of surgeries and appointments.
The vulnerability of the Canadian health-care system is further highlighted by a cybersecurity breach in May, where personal health information of approximately 3.4 million individuals seeking pregnancy care and advice in Ontario was compromised.
Canada currently ranks 10th globally in breach count, with over 207.4 million compromised accounts since 2004, according to Surfshark’s annual index on digital well-being. This statistic underscores the urgent need for improved security measures within the country.
The co-authors of the CMAJ article emphasize that while the digitization of health information systems has brought conveniences and enhanced care, it has also introduced significant security risks. Many health organizations rely on outdated systems and lack comprehensive information technology training for clinicians, making them attractive targets for cybercriminals.
To address these challenges, the federal government has proposed legislation, Bill C-26, to provide Ottawa with new powers to tackle cyberattacks and protect critical infrastructure. However, the authors highlight the importance of including health organizations in this legislation and improving coordination between federal, provincial, and territorial governments to establish common security standards.
In this rapidly evolving threat landscape, doctors, clinics, and hospitals can take proactive measures to mitigate cyber risks. The U.S. National Institute of Standards and Technology recommends four key measures: installing anti-virus and VPN software, remaining vigilant against phishing emails, employing strong passwords and two-factor authentication, and conducting regular antivirus and malware scans.
Furthermore, in the event of a cyberattack, immediate actions such as disconnecting affected machines, transitioning to alternative workflows if access to electronic medical records is lost, and contacting relevant authorities like the Canadian Medical Protective Association and law enforcement are vital.
As technology continues to advance, the health-care system in Canada must prioritize cybersecurity measures to safeguard patient data and ensure seamless care delivery. By adopting robust security practices, healthcare organizations can protect themselves and their patients from the growing threat of cyberattacks.
What is Bill C-26?
Bill C-26 is a proposed legislation in Canada that aims to provide the federal government with new powers to address cyberattacks and protect critical infrastructure. It includes provisions related to telecommunications, pipelines, nuclear energy, federally regulated transportation, and banking, but does not currently encompass health organizations.
What are the recommended measures to mitigate cyber risks?
The U.S. National Institute of Standards and Technology recommends four key measures: installing anti-virus and VPN software, remaining vigilant against phishing emails, employing strong passwords and two-factor authentication, and conducting regular antivirus and malware scans.
What immediate actions should be taken in the event of a cyberattack?
In the event of a cyberattack, it is crucial to disconnect affected machines from the internet and shut them down. If access to electronic medical records is lost, transitioning to alternative workflows, such as using paper records, is advised. Relevant authorities, such as the Canadian Medical Protective Association and law enforcement, should be contacted promptly to report the incident.