Healthcare’s Cyber Crisis: Why Every Worker Is Canada’s First Line of Defense
A single click can cancel a surgery. A single phishing email can shut down a hospital
Cybersecurity in healthcare is no longer just about protecting data; it is about safeguarding patients, maintaining public trust, and ensuring that hospitals and clinics can keep their doors open.
In Canada, the reality has already hit home. In October 2023, a ransomware attack crippled IT systems for five hospitals in southwestern Ontario, forcing cancellations of surgeries and appointments, and plunging facilities into “Code Grey”. The attackers also stole personal health information from more than 516,000 patients, and recovery took weeks. This is not an isolated case. Toronto’s SickKids Hospital was locked down by ransomware in December 2022, delaying treatment for children until the attackers, in an unusual move, issued an apology and a free decryption key. In Newfoundland and Labrador, an October 2021 cyberattack paralyzed the provincial health network, delaying thousands of procedures and costing an estimated $16 million.
Globally, the trend is just as stark. A single breach last year at U.S. healthcare IT provider Change Healthcare compromised nearly 193 million patient records, which was the largest healthcare data breach on record. The UK’s National Health Service was similarly hit by WannaCry in 2017, forcing the cancellation of about 19,000 appointments and costing an estimated £92 million.
Against this backdrop, the Canadian Cybersecurity Network (CCN), Canada’s largest cybersecurity community, will launch its Pulse Check – National Cybersecurity in Healthcare Report on October 14 at the InCyber conference in Montreal. “Cybersecurity in healthcare is about more than data, it’s about patient safety, public trust, and the resilience of Canada’s most critical sector,” says François Guay, Founder and CEO of CCN. “Every healthcare worker, policymaker, and leader has a role to play in protecting our healthcare system.” Adding a business perspective, Elias Diab, VP of Cybersecurity at Accerta, emphasizes the need for defense-in-depth: “Every cyber defence is another layer of protection around public health.”
And from the frontline, Benoit Desjardins, MD, PhD, Professor and CMIO of Radiology at University of Montreal (CHUM), points to the human impact: "Canada’s healthcare system is already stretched thin—facing staff shortages, long wait times, and rising demand. The last thing it needs is a cyberattack that shuts down hospitals or exposes patient data. Without a dedicated national report on cybersecurity in healthcare, we’re ignoring a growing threat that could push the system past its breaking point. Inaction isn’t just risky, it’s dangerous. We need a unified, national response to protect what’s left of a system Canadians rely on every day.”
The Canadian Cybersecurity Network urges national collaboration and investment in five key areas:
The message is clear: healthcare cybersecurity is a matter of patient safety, public confidence, and national security. Investing in training, leadership engagement, and resilient systems is no longer optional. It demands immediate action from every level of Canada’s healthcare system.
Download the free report here: canadiancybersecuritynetwork.com/pulse-check