Reducing cyberattacks on Canadian health systems

Cyberattacks targeting health information systems can cause considerable damage and stress, but there are ways to reduce the risk of these events, write authors in CMAJ (Canadian Medical Association Journal).

“With respect to cybersecurity, a bit of prevention is worth a terabyte of cure,” writes Vinyas Harish, MD/PhD candidate at the University of Toronto’s Temerty Faculty of Medicine, with coauthors, in an article outlining the impact of cyberattacks on Canadian health information systems and how clinicians in hospitals and individual clinics can improve their cybersecurity practices.

This advice is particularly relevant, with several hospitals in southwestern Ontario reporting a recent cyberattack that has caused substantial disruptions in patient care.

The authors outline stages to help navigate cyberattacks, based on the US National Institute of Standards and Technology’s Cybersecurity Framework:

  • Prevention — be vigilant for phishing emails, use strong password and 2-factor authentication, ensure adequate network protection and other actions. This includes creating a cyberattack plan to use in case of an event.
  • Detection — use antivirus software and be alert to suspicious activities, such as barred access to files, installation of unrecognized software and more.
  • Response — immediately disconnect devices from the Internet, activate your cyberattack plan and notify individuals affected by the attack.
  • Recovery — this depends heavily on having health information systems that allow for restoration from back-ups, ensuring external vendors help with data recovery and conducting an internal debrief on the response.

“Preventing cyberattacks involves navigating trade-offs between keeping workflows efficient and reducing risk amid threats that are growing in frequency, severity and sophistication. As national and regional policies develop, health organizations, practices and individual clinicians must take a proactive approach to improving their cybersecurity posture,” the authors conclude.

Cyberattacks on Canadian health information systemsis published November 20, 2023.