Harry Moroz, Med–1, Publication Lead
The Paradox of EMRs
Electronic Medical Records (EMRs) stand as a beacon of progress in the healthcare landscape, promising efficiency, improved patient care, and streamlined processes for medical practitioners. However, the adoption of EMRs is shrouded in a dilemma. While these digital repositories of patient information hold immense potential, concerns about privacy and security persist, deterring some healthcare institutions from wholeheartedly embracing this technological advancement1,2. Safeguarding vast quantities of sensitive health data scattered across different locations presents a formidable challenge, one that has gained heightened significance in light of recent cyberattacks. In recent years, Canada’s and Montreal’s healthcare landscape became the battleground for a new kind of threat – cyberattacks targeting medical records. Several hospitals have been victims of these attacks, causing delays in care and costing institutions thousands to millions of dollars. Canada is not alone; there has been an emergence of attacks across North America, with the biggest attacks targeting 400 hospitals in the United States in a single day3,4.
Eroding Trust
The consequences of cyber intrusions extend beyond the immediate disruption of services. In the shadows of compromised servers lies a growing concern for patient confidentiality. Ransomware attacks have become a dark cloud over the healthcare sector, with nefarious actors demanding hefty sums to restore access to crucial medical records. The very essence of patient trust erodes as institutions grapple with the decision to pay these ransoms or face prolonged disruptions. Public trust, a cornerstone of effective healthcare delivery, falters as news of these attacks’ surfaces1,5.
Shutting Down Servers Amid Cyber Chaos
The cybersecurity landscape leaves healthcare institutions with no choice but to respond decisively. In a bid to contain the threat, hospitals disconnect from the internet and shut down servers, essentially turning themselves into islands isolated from the broader network. Surgery and clinical activities continue, but scheduling and communication systems face temporary suspensions, disrupting the usual flow of operations1.
Timeline showing different cyberattacks on Canadian Health Facilities 1
Guardians of the Data
The question that echoes in the corridors of Montreal’s hospitals is: How can we protect our data infrastructure from these relentless cyber onslaughts?
Potential solutions come into focus. Hospitals are implementing proactive measures, isolating anomalies, and securing critical data. Dr. Lawrence Rosenberg, President and CEO of the CIUSSS West-Central Montreal which faced several cyberattacks, emphasized the importance of swift responses, acknowledging the cyber anomaly, disconnecting from the network, and ensuring patient care remains paramount6. The key is a proactive protocol and quick detection. As Montreal’s healthcare institutions navigate the aftermath of cyber threats, there’s a call for a collective effort to fortify the digital shield protecting patient information. Increased investment in robust cybersecurity infrastructure, employee training, and adopting best practices from global models could serve as formidable defences. Even at an individual level reinforcement efforts should be made to inform clinicians and health organizations about how to be vigilant, and address the emerging risks associated with Internet-connected devices by being alert of recalls, software updates, and two2-factor authentication1,4,7.
Navigating the Future of Healthcare Security
Safeguarding patient records from cyberattacks is akin to building a digital immune system to fend off online infections, where both body and disease compete in evolution. The paradox of EMRs persists, but the commitment to finding solutions also endures. In the face of this digital battleground, healthcare providers, administrators, and policymakers must unite to navigate a future where the benefits of EMRs can be harnessed without compromising the sanctity of patient information. As the healthcare sector in Montreal rises to meet these challenges, it stands at the forefront of a broader global conversation on the intersection of technology and healthcare security.
References
1. Harish V, Ackery A, Grant K, Jamieson T, Mehta S. Cyberattacks on Canadian health information systems. CMAJ [Internet]. 2023 Nov 20 [cited 2023 Nov 24];195(45):E1548–54. Available from: https://www.cmaj.ca/content/195/45/E1548
2. TU THANH HA AND COLIN FREEZE. Quebec health network targeted by cyberattack. The Globe and Mail [Internet]. 2020 Oct 29 [cited 2024 Feb 2]; Available from: https://www.theglobeandmail.com/canada/article-quebec-health-network-targeted-by-cyberattack/
3. Security CC for C. National Cyber Threat Assessment 2023-2024 [Internet]. Canadian Centre for Cyber Security. 2022. Available from: https://www.cyber.gc.ca/en/guidance/national-cyber-threat-assessment-2023-2024
4. Aaron Derfel . Cyber attack hits Jewish General’s IT network, but no ransom demanded [Internet]. montrealgazette. 2020. Available from: https://montrealgazette.com/news/local-news/jewish-general-hospitals-it-network-incapacitated-by-computer-virus
5. Joshua Freeman. Five Ontario hospitals say data stolen in cyberattack has been published online [Internet]. Toronto. 2023 [cited 2024 Feb 2]. Available from: https://toronto.ctvnews.ca/5-ontario-hospitals-say-data-stolen-in-cyberattack-has-been-published-online-1.6628608
6. Rukavina S. Montreal’s west end health agency just beginning to come back online, weeks after cyber-attack [Internet]. CBC. 2020 [cited 2024 Feb 2]. Available from: https://www.cbc.ca/news/canada/montreal/montreal-s-west-end-health-agency-just-beginning-to-come-back-online-weeks-after-cyber-attack-1.5805322
7. Keshta I, Odeh A. Security and privacy of electronic health records: Concerns and challenges. Egyptian Informatics Journal [Internet]. 2021;22(2):177–83. Available from: https://www.sciencedirect.com/science/article/pii/S1110866520301365