CyberStandardSummaryBrief

Summary: National standard for cybersecurity in healthcare

WHAT IS THE STANDARD FOR CYBER RESILIENCY IN HEALTHCARE?

CAN/DGSI 118: Cybersecurity: Cyber Resiliency in Healthcare is a set of recommendations, tools and resources designed to help organizations across Canada’s healthcare system manage the risks associated with the use of health information and information technology and protect their organizations from cybercrime. HealthCareCAN developed the standard in collaboration with the Digital Governance Council and it has been published as a National Standard of Canada.

WHY ARE HEALTHCARE ORGANIZATIONS HIGHLY TARGETED?

Cybercrime is of particular concern for the health sector because vulnerabilities threaten not only the security of information systems but also the health and safety of patients. Healthcare organizations use and depend on vast amounts of technology to provide care to patients, and the personal health information, intellectual property, and data these facilities hold are of high value to cyber criminals.

HOW DOES THE STANDARD WORK?

Providing guidance on how to identify, assess, and manage cyber risks in Canada’s healthcare organizations, the Standard incorporates guidelines and best practices that healthcare organizations can use to improve their cybersecurity.

Adopting the Standard can help organizations with:

  • Risk management,
  • Leadership and education,
  • Contingency planning,
  • Cyber incident response, and more.
KEY GUIDANCE FOR HEALTH LEADERS

Adopting the Standard will help health leaders:

  • Establish and align cybersecurity policies and objectives with the strategic direction of the organization.
  • Communicate the importance of effective cybersecurity and of conforming to cybersecurity program requirements.
  • Set cyber risk target levels, establish cybersecurity program metrics, and continually track progress.
  • Appoint a member of the senior-level leadership team to oversee the organization’s cybersecurity, including:
    • Building a cyber-resilient workforce
    • Cybersecurity awareness and training
    • Asset risk assessment
    • Cyber incident response planning and protocols
WHERE TO START?

For more information or to implement the Standard for Cyber Resiliency in Healthcare in your organization, download the Standard free of charge in English or French.

For additional information, please contact Darryl Kingston, Executive Director, Digital Governance Standards Institute, at darryl.kingston@dgc-cgn.org

PUBLISHED

February 5, 2024

FOR FURTHER INFORMATION

Siri Chunduri
Policy and Research Analyst
schunduri@healthcarecan.ca

Jonathan Mitchell
Vice-President, Research and Policy
jmitchell@healthcarecan.ca

Related: