Cyber Resiliency in Healthcare

Standards Development Organisation: CIO Strategy Council
Working Program:
Designation Number: CAN/CIOSC 118
Standard Type: National Standard of Canada - Domestic
Standard Development Activity: New Standard
ICS code(s): 35.030; 35.240.80
Status: Proceeding to development
SDO Comment Period Start Date:
SDO Comment Period End Date:
Posted On:

Scope:
Note: CIO Strategy Council announced an organizational name change to the Digital Governance Council (DGC), effective January 30, 2023, and the creation of a new standards development division, Digital Governance Standards Institute (DGSI).

Note: The comment period for this NOI has been extended to March 31, 2022 to allow for a collaborative discussion to take place between SCC-accredited SDOs.

This proposed standard aims to specify minimum requirements for cyber security in healthcare organizations and support cyber resiliency of Canada’s healthcare system.

Considerations:
- Leveraging best practice from existing Standards and certifications
- Unique “healthcare specific” threats
- Adapting to the ever-changing cyber-threat landscape
- Training, awareness, and adoption for frontline workers
- Addressing security of personal health information (PHI)
- Issues with antiquated and legacy systems
- Critical infrastructure and mission critical systems

Project need:
Canada’s healthcare system has become a prime target for cyber attacks. The added pressure on the healthcare system, the legacy and antiquated systems used at frontline institutions, and the value of the data held by these institutions have made them easy targets for bad actors. Risks today are present not only at the corporate level (e.g., fraud, ransom) and the social level (e.g., unauthorized exposure of private health information leading to blackmail, identity theft or loss of public trust), but also at the point of care itself.

The project is proposed by HealthCareCAN, the national voice of action for health organizations and hospitals across Canada, and is supported by Public Safety Canada’s Cyber Security Cooperation Program.

Note: The information provided above was obtained by the Standards Council of Canada (SCC) and is provided as part of a centralized, transparent notification system for new standards development. The system allows SCC-accredited Standards Development Organizations (SDOs), and members of the public, to be informed of new work in Canadian standards development, and allows SCC-accredited SDOs to identify and resolve potential duplication of standards and effort.

Individual SDOs are responsible for the content and accuracy of the information presented here. The text is presented in the language in which it was provided to SCC.