The head of the country’s .ca registry says the biggest obstacle to improving the cyber security of Canadian hospitals is a “lack of focus” from management and a lack of funding.
Brian Holland, Chief Executive Officer (CEO) of. Canadian Internet Registration Authority (CIRA) told Tuesday’s Globe and Mail webinar on cyber security in the healthcare sector that less than 30 percent of all organizations in this country have suffered a data breach.
“If a third of the homes were demolished, or a third of the businesses and hospitals were [physically] Criminalisation, would be an incredible uproar,” he argued.
But in the digital world people don’t see the impact, so there is little support for more resources. Holland said that CIOs and IT professionals in healthcare told CIRA the number one reason hospitals find it difficult to fight cyberattacks is a “lack of focus and money” to upgrade the systems and technologies to keep up with the volume of attacks. Can be put
Hospital management needs “a mindset upgrade”, he said. Cyber security is “an executive problem. It’s a CEO, senior executive board problem, because there is liability and fiduciary risk at the top of the organization.”
They need to understand that the solution is taking overall security seriously – everything from setting up multi-layered defense in depth to DNS hardened firewalls, multifactor authentication and access control. These are “table stakes,” he said.
But he also said that cyber security “isn’t just an IT problem.”
In fact he claimed that “most compromises are happening now because people are compromising, not a firewall or a piece of technology.” Hence cyber security awareness training is also important, he said.
Panel members included Jeff Curtis, Toronto’s chief privacy officer. Sunnybrook Health Sciences Center; Steven Tam, Chief Data Governance and Privacy Officer Vancouver Coastal Health, which oversees all hospitals in the Vancouver area; and Huda Idris, CEO of dot healthMobile healthcare solutions provider for individuals and healthcare providers.
Hospitals and clinics have long been targets of hackers, who believe the institutions are more willing than others to pay for the return of stolen data. For-profit hospitals and clinics are viewed as sources of credit and debit card information in addition to sensitive medical data on patients. Nonprofit hospitals often don’t have the money to make cyber security a priority.
Toronto’s hospital among Canadian hospitals hit recently hospital for sick children and Lindsey, Ont. Ross Memorial Hospital. In the US, where for-profit hospital chains serve millions of people, California-based Regal Medical Group iNow sending data breach notices for over three million patients after suffering a ransomware attack late last year.
One of the worst attacks in Canada happened in 2021 in Newfoundland and Labrador, When attackers copied patient and staff data from the provincial system,
It is not only the hospitals that have been affected. In 2019, hackers accessed the medical lab results of 15 million Canadians when LifeLabs, the country’s largest medical lab serving doctors, was hacked. The privacy commissioners of Ontario and British Columbia said the company failed to comply with provincial data health protection laws.
“Despite the billions of dollars in annual health spending in Canada,” Holland told the panel, “funding for cyber security is falling short.”
He found support for this from Indies, who said Ontario alone spends $70 billion a year on healthcare. “I don’t think it’s a lack of money. It’s just that people don’t think it [cybersecurity] Quite significant.” While the province has established a digital health information exchange, she said spending on “practical, concrete pieces of software or training … is critically low.”
Curtis said the problem would be exacerbated by hospitals spending more on IT in general. Funding for cyber security has to be targeted.
However, he also said that more institutions should adopt the shared system for better security. For example, Ontario has shared diagnostic imaging services used by many hospitals and medical practitioners.
He and others pointed to a serious problem in Canadian hospitals: legacy software and hardware that hinder the adoption of more secure technologies.
Tam said hospital CEOs and CIOs need to separate cyber security from IT in their budgets.
Proper governance is also important, he said. “We need to come together to collectively tackle these issues, identify risks and identify solutions. If we are working together, we can also make improvements on our own.” [cybersecurity] Practice across the board. We have a diverse, comprehensive healthcare system. We need to think about how we govern our data and systems in the healthcare sector rather than one hospital at a time.