More and more investments in technology at the CISSS de la Côte-Nord

More and more investments in technologies at the CISSS de la Côte-Nord

UPDATE DAY

The Côte-Nord Integrated Health and Social Services Center (CISSS) has increased its investments by more than 20% in three years, aimed in particular at securing patient and employee data.

This is however far from sufficient, according to an expert contacted by TVA Nouvelles. “Data is the blood that runs through the veins of the health system,” said cybersecurity researcher at the Polytechnique de Montréal, Marc-André Léger.

“We have heard a lot about the electronic health record for several years in the health system, we also talk about digital imaging, we talk about laboratory tests. All that, today, is data that is transferred over computer networks,” he explained.

At the CISSS de la Côte-Nord, the funds allocated to information technology information went from $2,145,703 in 2020 to $2,784,304 in 2022. The money is used in part to meet the information security objectives set by the Government of Quebec.

These objectives are listed in a document entitled “information security self-assessment tool” dated March 31, 2022. TVA Nouvelles obtained a copy of it thanks to the Access to Information Act and forwarded it to Marc-André Léger.

We learn that one of the objectives not completed by the CISSS as of March 31 is to set up a “management system for information security”.

“They will never be able to meet the targets because they don't have the budgets for it. They have so many issues to deal with. They have structural deficits, so it is certain that the cybersecurity file will come quite far in the list of budgetary priorities,” lamented Mr. Léger.

Unknown amounts in cybersecurity< /strong>

Cybersecurity is an unknown part of the CISSS de la Côte-Nord's total expenditure on information technology for the year 2021-2022, which Marc-André Léger deplores.< /p>

“There is no distinction between the budget invested in information technology versus the budget invested in cybersecurity. Current information security and/or cybersecurity activities are not specifically counted in this sector of activity,” wrote a CISSS spokesperson in an email.

According to Marc-André Léger , it is difficult to measure the effectiveness of expenses when they are not quantified.

“When we look at the financial and human resources that are allocated to the cybersecurity project, we have no not the data. That is very problematic. We should have at least a budget line for that to know if what we are doing is correct,” he suggested.

The North Shore Health Center refused a request for TVA Nouvelles interview and chose to answer questions by email. A spokesperson indicated that the institution “aims to achieve information security objectives”.