Healthcare is one of the most cyber-attacked industries, globally. As witnessed by the $7.5 million ransomware attack on Southwestern Ontario hospitals in 2023, these attacks create havoc, including delayed surgeries, forced emergency diversions, and altered treatment plans, which directly endanger patients. Further, AI is amplifying this threat by offering the ability to produce sophisticated malware, craft convincing phishing emails, and produce deepfakes of healthcare leaders, making scams harder to detect and attacks more scalable. Generative AI also enables attackers to impact clinical algorithms, create fake authorizations, or exploit stolen patient data to craft highly targeted lures.
Canada saw a 25% increase this year in attacks, reflecting renewed focus on regional hospital networks by extortion-focused groups.
Jane Arnett
I asked Jane Arnett, Cybersecurity Evangelist for Check Point Software in Canada, to comment on the rise of cybercrime for Canadian hospitals, how AI is reshaping hospital security and what Canadians should do if personal data – of any kind – is compromised.
Rise of Cybercrime for Hospitals
“Hospitals store large volumes of personal health information, financial data, and diagnostic results, which attackers can gather for resale, blackmail, or identity theft,” began Arnett. “In the past year, 92% of healthcare organizations experienced at least one cyber incident, exposing more than 276 million patient records worldwide. In North America, healthcare systems remain a prime target for ransomware gangs, with 2,306 weekly attacks driven by the value of high-risk data and insurance-heavy hospital networks. Canada has seen a 25% increase in attacks this year,” shared Arnett.
Said Arnett, “Hospitals are mission-critical: outages and system downtime risk lives and often provoke ransom payments because attackers see them as lucrative targets.”
Arnett further explained, “Additionally, smaller regional hospitals often share infrastructure services and have weaker, outdated systems, misconfigurations, insufficient patching, and poor network segmentation, which can continue to exacerbate risk and make them prime targets for attack.”
“In Canada, many hospitals, especially regional ones, also lack sufficient funding, staff, executive focus, and up-to-date cyber security infrastructure or teams,” desrcribed Arnett. “When a shared service provider is compromised, many hospitals are impacted simultaneously. For example, in late 2023, shared IT/supply support to five southwestern Ontario hospitals led to a ransomware attack and the theft of over 325,000 patient files as a result.”
AI is Reshaping Hospital Security in Canada and Beyond
“Artificial intelligence is significantly transforming hospital security by enhancing both physical and cyber defenses,” stated Arnett. “In physical security, AI-powered sensors are being deployed in emergency departments to identify potential threats like weapons. For instance, Windsor Regional Hospital’s “Evolv Weapons Detection System” detected 3,155 threats, including 1,834 knives, in one year alone. Nova Scotia is also piloting similar AI weapons detection in hospitals to quickly flag dangerous items without manual scanning, improving safety and efficiency.”
Arnett explained, “Beyond physical security, AI is crucial in cyber security and threat detection. Hospitals are using AI and machine-learning systems to analyze patterns, user behaviour, and network traffic. This allows them to detect anomalies like unusual file access or ransomware activity, and monitor medical devices for vulnerabilities. These AI systems can identify threats much faster than human-only methods, helping to preempt cyber attacks.”
Added Arnett, “AI also contributes to broader operational and clinical safety through predictive analytics for patient deterioration, process automation, and optimizing staff scheduling to manage risks.”
As human error remains a key vulnerability to hospital security, training is critical.
Arnett remarked, “Up to 95% of healthcare breaches are attributed to accidental or unintentional actions by employees, such as falling for phishing emails, social engineering, or using weak passwords. This makes staff education more critical than ever.”
Specifically, Arnett shared, “Hospitals are now implementing regular, role-based training, including simulated attacks, mock phishing drills, and scenario-based exercises, to help staff recognize and respond to threats. This education must extend beyond IT and clinical leadership to all personnel, including front-line and administrative staff, as attackers often target the least protected access points.”
AI Used to Protect Patient Safety
“AI-powered strategies can significantly enhance patient safety by focusing on prevention through early detection,” stated Arnett. “By monitoring network traffic, user behaviour, and device activity in real time, AI systems can instantly identify unusual patterns like unauthorized access or data exfiltration. This allows for immediate alerts and automated containment, limiting potential damage before it can spread to critical patient care systems.”
“Another key strategy is implementing zero-trust architecture and network segmentation, both of which are strengthened by AI,” explained Arnett. “AI can enforce the principle of least privilege, identify credential abuse, and require continuous verification for access. It also helps segment clinical devices from administrative networks, which prevents the lateral spread of any security breach. Furthermore, AI can proactively assess medical devices by evaluating firmware for vulnerabilities and monitoring their operational health to ensure they haven’t been tampered with.”
“Finally, AI plays a crucial role in ensuring operational continuity and safe fallback planning,” said Arnett. “It can be used for predictive maintenance on essential equipment, anticipating when systems might become overloaded or vulnerable. By predicting potential staffing or resource gaps, AI enables safety protocols to be activated proactively, ensuring that patient care remains uninterrupted and secure.”
-30-
More on Cybersecurity
