Data breaches are costly for Canadian organizations, who must pay an average of $6.32 million per data breach, according to IBM’s latest data breach report. The healthcare sector continues to be the hardest hit by security breaches.
“The health sector has very sensitive data,” explains Fyscillia Ream, lecturer at the School of Criminology at the University of Montreal and member of the chair in cybercrime prevention.
Since 2011, hospitals and medical clinics have been at the top of the list of establishments most affected by security breaches, partly because of the vulnerability of their computer systems.
Nearly one in two data breaches involves the theft of personal information, such as social security numbers, email addresses, phone numbers and postal addresses, according to the IBM report. hackers can resell this data on the dark webexplains Fyscillia Ream. With this data, they can go and apply for loans or credit cards, or even create a new identity.
Mme Ream gives the example of a former employee of the Sainte-Justine hospital who had consulted “without justification” the medical records of 344 patients in 2020. “A lot of employees will consult information to which they have access, even if they are not authorized to consult it,” notes the lecturer.
The data leak at Sainte-Justine Hospital is not an isolated case. The duty reported last January that 9,000 users of the CISSS de Laval had seen their personal data compromised following a cyberattack targeting the firm Segma Recherche, which was conducting a survey for the healthcare establishment.
Ontario’s health care system was also the victim of a data breach during the pandemic. The personal information of 360,000 Ontarians was affected by a leak of the database of people vaccinated against COVID-19.
Globally, each computer breach costs healthcare organizations an average of $13.53 million, according to IBM calculations.
The solution, AI?
Rich in personal information, the healthcare and financial sectors are the most coveted by hackers, reveals the IBM report.
Hackers often obtain the information after an employee opens an attachment containing a computer virus or when an email containing confidential data is sent to the wrong person. “In the health care system, it’s very important to educate employees about cybersecurity,” says M.me Ream.
According to the IBM report, organizations using artificial intelligence (AI) and automation in their security systems are seeing shorter data breach times and lower remediation costs. “Canadian organizations that invest in AI and automation will be better equipped to detect and recover from breaches,” said Daina Proctor, security delivery lead at IBM Canada.
For his part, Mme Ream cautions, however, that it is important to remember that the implementation of AI in cybersecurity systems is still very recent.