Healthcare Policy

Healthcare Policy 13(4) May 2018 : 6-7.doi:10.12927/hcpol.2018.25535
From the Editor-in-Chief

Cybersecurity in Health: A 21st Century Imperative

Jennifer Zelmer

Locked filing cabinets are no longer enough to ensure security of research data and results. In the 21st century, cybersecurity is foundational to the ethical conduct of research and its application to health services and policy. It matters for ensuring the confidentiality of personal data, for integrity of research systems, for safety of digital interventions that are being studied, for protection of intellectual property, and more.

The challenge is real, not theoretical. The National Research Council has experienced state-sponsored cyberattacks (Moens et al. 2015). Universities have reported ransomware attacks (CBC News 2016). And cyberattacks are relatively frequent in the health sector, a potential source of vulnerability that is recognized by health sector leaders and citizens alike (Zelmer 2018). For instance, multiple organizations have reported malware, spyware or ransomware attacks; phishing and cyber fraud; denial of service attacks; and human error that affected critical systems. On a global scale, the World Medical Assembly has stated that “cyber-attacks on healthcare systems and other critical infrastructure represent a cross-border issue and a threat to public health” (WMA 2016).

Addressing these challenges depends on both individual and collective action. At a recent national Summit, health leaders and cyber experts explored options for strengthening the health sector’s resilience to cyber threats (HealthcareCAN 2018a). Building on the National Strategy for Critical Infrastructure endorsed by federal, provincial and territorial governments, participants declared a shared commitment to cybersecurity and to six tangible actions to increase preparedness:

  • Championing cybersecurity in Canada’s health sector;
  • Contributing to shared action plans that build collective resilience to cyberattacks;
  • Sharing information, best practices, and tools with others within and beyond the health sector to build collective capacity and resilience;
  • Informing leaders, staff and partners about the scope of the challenge and opportunities to mitigate risk;
  • Progressing cybersecurity in ways consistent with each signatory’s mandate, considering opportunities for prevention, mitigation, preparedness, response and recovery; and
  • Ensuring transparency in the context of each signatory’s unique circumstances and capacity by confirming how it will apply these commitments in its unique context and/or with its community by Cybersecurity Awareness Month in October 2018 (HealthcareCAN 2018b).

I worked with HealthcareCAN and its many partners to arrive at this Declaration. This editorial is part of my commitment to spreading the word about the challenges that we face and the importance of taking proactive action to address them. I invite you to join us in this effort to foster robust, safe and effective health and health research systems that benefit those we serve. For more information about the Declaration, how to take part in the collective effort and to get access to a range of associated resources, please visit what-we-do/health-policy/infrastructure/

The need for shared commitment and mutual support to make progress is not unique to cybersecurity; collaboration and collective contributions are equally important for producing a journal like Healthcare Policy/Politiques de Santé. As this is the last issue of this volume of the journal, I would like to express my thanks to the team responsible for its production. The Editorial Board steers the journal’s direction, as well as the path of individual submissions. They work closely with the reviewers who volunteer their time to ensure that the quality of papers we publish is high (see page 84 for a list of reviewers over the past year). Both interact directly with Ania Bogacka, the Managing Editor, and the team at Longwoods Publishing, who are core to the journal’s production and distribution. And, of course, scholarly journals depend on the creative and thoughtful efforts of the authors who publish in our pages. 

My sincere thanks to everyone involved, as well as to our readers who thoughtfully reflect on how to use the insights published here to continue to improve health and healthcare. 



CBC News. June 7, 2016. “University of Calgary Paid $20K in Ransomware Attack: No Evidence Cyberattackers Released Personal or University Data to Public.” Retrieved May 20, 2018. <>. 

HealthcareCAN. 2018a. Declaration of Commitment to Cybersafe Healthcare: Options for Strengthening Cybersecurity in Canada’s Health Sector. Retrieved May 20, 2018. <>. 

HealthcareCAN. 2018b. Declaration of Commitment to Cybersafe Healthcare. Retrieved May 20, 2018. < of%20Commitment%20to%20Cybersafe%20Healthcare.PDF>. 

Moens, A., S. Cushing and A.W. Dowd. 2015. “Cybersecurity Challenges for Canada and the United States.” Retrieved May 20, 2018. <>. 

World Medical Assembly (WMA). 2016. WMA Statement of Cyber-Attacks on Health and Other Critical Infrastructure: Adopted by the 76th WMA, Taipei, Taiwan, October 2016. Retrieved May 20, 2018. <>. 

Zelmer, J. 2018. Issue Brief: Critical Infrastructure in Canada’s Health Sector – Part B: A Focus on Cybersecurity. Retrieved May 20, 2018. <>. 


Be the first to comment on this!

Note: Please enter a display name. Your email address will not be publically displayed