Trending Themes: What We Learned at the Ontario Cyber Security Conference

Matteo Rossit
Animated image of laptop highlighting security measures including strong passwords and verifying email sender's identity

Earlier this month, I had the pleasure of joining my fellow cybersecurity professionals at the Ontario Cyber Security Conference, focused on Strengthening Ontario’s Broader Public Sector, including the healthcare sector.

We at HIROC had a chance to hear from various cybersecurity leaders and knowledge experts.

They brought the full weight of their expert knowledge, experience, and technical know-how to bare when discussing the challenges and opportunities that face today’s public institutions from a wide range of emerging technologies and threats.

One of the highlights of the conference was Ontario Health’s presentation on “The State of Cybersecurity in the Health Sector.” This session featured experts from Ontario Health, Ali Shahidi, Director of Information Security and Greg Moshonas, Director of Cyber Security Defense, and touched on topics that are on everyone’s mind today and how we, as security professionals, can prepare, plan, and secure our organizations against current and future threats.

Here are a few of the key trends Ali and Greg shared during their insightful talk:

On Artificial Intelligence (AI):


Ali shared how Generative AI is supporting the development of emerging tools that offer a vast potential in the areas of medical imaging enhancement, drug discovery, personalized treatment plans, prosthetics and implants design, clinical report generation, genomic data analysis, and increased healthcare availability.

Ali stressed how the healthcare sector must build the “right privacy foundation” and develop the needed governance and strategies for Generative AI usage. Additionally, bringing greater awareness and training to staff on the potential risks of using Generative AI, not to mention, implementing the needed security technologies and methodologies such as Zero Trust. By doing so, it would provide stronger access and monitoring controls, in order to have a holistic defense in depth for sensitive datasets. Once these critical measures are in place, we can walk forward into the future with confidence.

On Zero Trust:


Not a new concept to most IT departments, the Zero Trust model is still getting caught at a few key hurdles on its way to full adoption. Partial implementation of Zero Trust in organizations continue to hamstring the benefits a complete implementation of this model would have, with micro-segmentation and “assume breach” methodologies being at the centre.

Greg added, “Like the adoption of any new models, a culture change will be needed in relation to how we think about system design and implementation to truly incorporate secure and usable systems.”

On Quantum Computing:


One of the most paradigm-shifting technologies discussed was the development of Quantum Computing. With a massive increase in computing power, Quantum Computing puts an underpinning global security technology, current cryptographic protocols and algorithms at risk of being rendered deprecated and obsolete.

Some threat actors are currently stockpiling encrypted data with the intention of utilizing this new technology one day to break encrypted data, something security professionals rely on to preserve data confidentiality and integrity.

Ali and Greg mentioned to address this, a refocus needs to happen to not allow this data to be exfiltrated in the first place, with our reliance on encryption as an ultimate failsafe needing reevaluation, while considering Quantum Computing compatibilities in their future hardware and software designs and procurements.

On the Health Sector Cyber Threat Exchange:


Some great news Ali and Greg shared revolves around the partnership between the Canadian Centre for Cyber Security, Managed Security Service Providers (MSSP), and Ontario Health, and the development of a healthcare specific Cyber Threat Exchange.

A key tenet of the partnership is collaboration, all with the goal of:

  • Collaboration between MSSPs and the Cyber Threat Exchange central command 
  • Creation of shareable Indicators of Compromise (IOCs) 
  • Dissemination of these IOCs to stakeholders through Local Delivery Groups (LDG) 
  • This initiative looks to bring about a massive improvement in response times and raising the level of security for the sector as a whole 

Ali closed the talk by rallying the capacity crowd.

“Cyber threats faced by the healthcare sector need to be addressed as a team sport,” he said. 

“These threats can happen to any of us, and so collective communication and open collaboration will be the most effective ways to combat and reduce risk as a community - while all needed governance and legal and privacy considerations would need to get developed to build trust among all entities involved in sectoral threat intel exchange models.”


Matteo Rossit is the Privacy & Compliance Coordinator in HIROC's Legal Department.