As Canadian health systems add new technologies such as electronic medical records (EMR), care coordination platforms, wearables, remote patient monitors, and -internet-of-things devices, cyberattacks pose new privacy and financial risks for patients, providers, and institutions, according to a new analysis.
Canadian physicians, whether in large hospitals or individual clinics, can improve their ability to prevent and respond to a cybersecurity attack through a four-stage plan, the authors wrote.

Vinyas Harish
"We have worked hard to write this piece in a way that clinicians, whether they work at a large academic institution with dedicated cybersecurity expertise or by themselves in a rural, private practice, can take away tangible and practical measures to improve their cybersecurity posture," author Vinyas Harish, an MD/PhD student at the University of Toronto’s Institute of Health Policy, Management, and Evaluation, Toronto, Ontario, Canada, told Medscape Medical News.
The analysis was published online November 20 in CMAJ.
Four-Stage Plan
Since 2015, Canadian health information systems have faced at least 14 major cyberattacks, including nine with ransomware or malware threats and six data breaches that compromised personal health information. These types of attacks are increasing, and even if no ransom is paid, cyberattacks can lead to health system downtime, patient safety concerns, and technology vulnerabilities.