Healthcare Is 20 Years Behind Banks on Cybersecurity in Canada, Experts Say

Hospitals and clinics in Canada can”t cope with growing cyber threats amid the COVID-19 pandemic, say healthcare and cybersecurity professionals. The reason? Healthcare institutions spend a bare minimum on IT, putting every dollar to front-line care services. Criminals know this – and are increasingly exploiting it.

A CBC Canada report reveals that the country”s health system has been under siege from cybercriminals trying to steal patient information and other data in recent years.

The report highlights several recent incidents, including last year”s hit on LifeLabs, a Canadian diagnostic and specialty testing company, ransomware attacks on three Ontario hospitals in October, the hack of eHealth Saskatchewan earlier this year, and an incident at a medical center in Nova Scotia that exposed personally identifiable information about surgeries.

With cybersecurity incidents growing in number, the federal government’s Canadian Centre for Cybersecurity warned health organizations involved in the national response to COVID-19 to watch out for cyber-attacks, including ransomware and “sophisticated threat actors” that may try to steal intellectual property related to COVID-19 research and development.

Even if they take the alert seriously, medical institutions have a very big problem on their hands: no money to hire skilled IT personnel or to buy cyber-safeguards. All while medical records fetch up to $200 on the dark web because they give malicious actors immense leverage in fraud campaigns.

The CBC report aggregates expert opinions, including one from Raheel Qureshi, co-founder of a cybersecurity consulting firm that deals with hundreds of health organizations across the country. Qureshi says the healthcare sector is targeted more than any other industry in Canada, accounting for 48 per cent of all security breaches in the country last year. Most notably, he had the following to say about hospitals in the context of cybersecurity:

“A lot of health-care organizations are still in the middle of some kind of security road map, or they’re starting the conversation now to understand, ‘What do we need to do?’ Banks started doing this 15, 20 years ago.”

And it”s true. A hospital is the last place you”ll find a team of IT gurus trained in cybersecurity matters, yet hospitals need these resources now more than ever.

And it”s not just Canada that needs to up the ante in the cybersecurity department. Hospitals and healthcare facilities around the world are prime targets of a wave of cyberattacks, including ransomware attacks, Bitdefender telemetry shows.

We”ve also seen the number of cyberattacks and ransomware incidents directly targeting healthcare increase significantly over the past couple of months. For instance, the number of global cyberattacks targeting hospitals in March increased by almost 60 percent from February, marking the highest spike in our global evolution of cyberattacks detected at hospitals over the past 12 months. Learn more in the Bitdefender Labs research, “Global Ransomware and Cyberattacks on Healthcare Spike during Pandemic.”