Cybersecurity and healthcare: how to combat cyberthreats in the health sector

By Mark Brownlee

Few pieces of private information are more valuable to a cybercriminal than patient healthcare data.

Is anyone surprised, then, that healthcare providers are such a huge target for cyber attacks?

Cybersecurity in healthcare is an ongoing challenge that—like most problems facing the healthcare sector—has no simple solution.

But there are strategies that can help healthcare providers combat cyber threats without adding huge costs or interfering with the work of medical professionals in providing care to patients.

Cybersecurity challenges in healthcare

No sector is immune from cyber attacks.

But healthcare providers in particular face a slew of challenges that others do not.

High costs

Providing healthcare for patients is expensive. Unfortunately, the growing sophistication of cyber threats is only making the cost of providing healthcare—particularly in a way that respects patients’ privacy—even higher.

Funding crunch

Budgets are already strained by providing care for patients, which frequently leaves little for protecting against cyber threats.

Technological friction

Making all the tools related to providing healthcare for patients work together is enough of a challenge on its own.

Adding in a layer of cybersecurity protection—particularly for healthcare workers who need to be able to provide care quickly and with minimal impediment—threatens to make it even more difficult to provide frontline healthcare.

Employee burnout

Many healthcare employees are stressed and burnt out following the COVID-19 pandemic.

That means there might be minimal amounts of energy left over for cybersecurity tactics, such as cybersecurity awareness training, that add a further burden on already-heavy workloads.

Why cybersecurity matters in healthcare

Protecting against cyber threats is not, traditionally, considered a key part of healthcare.

Here’s why that needs to change.

It’s part of a patient’s overall care

Protecting a patient’s private information should be just as much a part of their care as fixing their physical or mental ailments.

Lives are at stake

Cyber attacks such as malware and ransomware can cut off access to patient care when providers need it the most.

Healthcare providers are liable

Healthcare providers—and their staff, executives and board members—are leaving themselves open to lawsuits and other legal challenges.

Reputation matters

We don’t typically think of the role that patient choice plays in healthcare. But the fact is that people can choose where they want to receive their healthcare from.

This isn’t the same as, say, choosing which grocery store to shop at. Shortages of doctors and other health professionals, for example, mean that not everyone even has a choice.

But the fact remains that patients do still have a choice. If a healthcare provider is victimized by a cyber attack, that could lead to patients “voting with their feet” and choosing care elsewhere.

Increased costs

Dealing with a cyber attack can lead to delays in providing patient care, which can in turn push already-stretched budgets even more to the brink.

How healthcare providers can protect against cyber threats

Here are ways healthcare providers can take action to protect patients from cyber attacks.

Find “low-friction” solutions

Healthcare providers need to be able to integrate cybersecurity solutions that don’t slow down care, reduce the functionality of equipment or add to the burden for busy healthcare staff.

That’s why it’s best to look for cybersecurity solutions that are “low-friction”.

What does that mean?

It means that cybersecurity solutions need to play nicely with equipment and processes that already exist in the healthcare space.

This is why cybersecurity tools like protected DNS can be so helpful.

Protected DNS is a way for network equipment to access the internet that does not affect its functionality. This means it has minimal impact on the normal functioning of equipment for providing patient care.

Another tool that’s low-friction is cybersecurity awareness training.

It protects at the human layer by teaching healthcare staff not to click on suspicious links or fall victim to other cyber threats. That means providers can implement it without needing to change the equipment they are using to provide care to patients.

Look for Canadian solutions

The rules surrounding data sovereignty in Canada get more stringent and complicated the more data you are storing in places other than Canada.

This also applies to cybersecurity tools, which can generate huge amounts of data.

Sending cybersecurity data outside the country is another layer of complexity healthcare providers don’t need.

That’s why having a Canadian cybersecurity solution—particularly one that respects data sovereignty requirements—is so valuable: it removes a layer of complexity from protecting healthcare providers from cyber threats.

Bring together human and technological layers of protection

Technology is a great tool for combatting cyber threats and should be a key piece of any Canadian healthcare provider’s cybersecurity strategy.

But technology isn’t enough, on its own, to protect healthcare providers.

The human layer of cybersecurity protection is critical for any organization in combatting cyber threats.

And it’s no different in healthcare.

What do we mean by protecting “the human layer” in cybersecurity protection?

Basically, it revolves around the idea that an organization’s people are a key route for cyber attackers to infiltrate its networks and devices.

The flip side of that, though, is that an organization’s people can also be its greatest strength for combatting threats.

The challenge for healthcare organizations is in finding ways to conduct “human-layer” tactics like cybersecurity awareness training without disrupting workloads or adding stressors to a frequently overburdened workforce.

This is where a cleverly constructed awareness training program can have an outsized impact. Tactics such as micro-learning (through tools such as shorter courses) and the gamification of training can help raise cybersecurity awareness levels even with a busy workforce.


The prospect of protecting Canadian healthcare organizations against cyber threats is daunting.

But it’s also not impossible.

Following these steps will set any healthcare provider on the path to protecting their reputations, their infrastructure and—most importantly of all—their patients’ private information.

Want to know more about this topic? CIRA is gathering experts to discuss “Cybersecurity and Canadian Health Care: Where do vulnerabilities lie?” on February 14, 2023 with the Globe and Mail.

Register for free here.

Looking for Canadian cybersecurity solutions for your healthcare organization? CIRA provides malware protection through its CIRA DNS Firewall solution, as well as its Cybersecurity Awareness Training platform.

About the author
Mark Brownlee

Mark Brownlee is a Product Marketing Manager with CIRA Cybersecurity Services. His work, which focuses on the CIRA DNS Firewall and Canadian Shield products, is dedicated to helping protect people and organizations in Canada from cyber threats. His background is in marketing strategy, communications planning and advertising best practices.