Cybersecurity in healthcare is no longer just about protecting data; it is about safeguarding patients, maintaining public trust and ensuring that hospitals and clinics can keep their doors open.
In Canada, the reality has already hit home. In October 2023, a ransomware attack crippled IT systems for five hospitals in southwestern Ontario, forcing cancellations of surgeries and appointments and plunging facilities into “Code Grey.” The attackers also stole personal health information from more than 516,000 patients, and recovery took weeks.
This is not an isolated case. Toronto’s SickKids Hospital was locked down by ransomware in December 2022, delaying treatment for children until the attackers, in an unusual move, issued an apology and a free decryption key.
In Newfoundland and Labrador, an October 2021 cyberattack paralyzed the provincial health network, delaying thousands of procedures and costing an estimated $16 million.
Globally, the trend is just as stark. A single breach last year at U.S. healthcare IT provider Change Healthcare compromised nearly 193 million patient records, which was the largest healthcare data breach on record. The UK’s National Health Service was similarly hit by WannaCry in 2017, forcing the cancellation of about 19,000 appointments and costing an estimated $175 million.
Against this backdrop, the Canadian Cybersecurity Network (CCN), Canada’s largest cybersecurity community, launched its Pulse Check – National Cybersecurity in Healthcare Report on Oct. 14 at the InCyber conference in Montreal.
“Cybersecurity in healthcare is about more than data, it’s about patient safety, public trust, and the resilience of Canada’s most critical sector,” says François Guay, founder and CEO of CCN. “Every healthcare worker, policymaker and leader has a role to play in protecting our healthcare system.”
Adding a business perspective, Elias Diab, vice-president of cybersecurity at Accerta, emphasizes the need for defense-in-depth: “Every cyber defence is another layer of protection around public health.”
And from the frontline, Benoit Desjardins, MD, PhD, professor and CMIO of radiology at University of Montreal (CHUM), points to the human impact: “Canada’s healthcare system is already stretched thin — facing staff shortages, long wait times and rising demand. The last thing it needs is a cyberattack that shuts down hospitals or exposes patient data.
“Without a dedicated national report on cybersecurity in healthcare, we’re ignoring a growing threat that could push the system past its breaking point. Inaction isn’t just risky; it’s dangerous. We need a unified, national response to protect what’s left of a system Canadians rely on every day.”
