At this month’s Government Cybersecurity Showcase Ontario, public sector leaders explored one of the most pressing challenges facing our country today: how to strengthen cyber resilience in the face of escalating threats. Healthcare has become one of the most targeted industries worldwide, and Ontario’s health system provides critical lessons that extend well beyond hospitals and clinics.

A panel featuring: 

• Stephen Lloyd, Director, Ontario Cyber Security Centre, Ontario Health
• Greg Moshonas, Vice President, Cyber Security and Foundational Services, Ontario Health
• Dhanush Liyanage, Interim Director, Cyber Security Defense, Ontario Health
• Hong Shen, Interim Manager, Cyber Security Defense, Ontario Health
• Jason Persaud, Head of Cyber Security Operations Branch, Ontario Public Service

Shared how Ontario Health and the Ontario Public Service have evolved their incident response models to protect patients, safeguard data, and ensure continuity of service. What emerged was a practical playbook that government organizations across Canada can adapt.

Build Structured Protocols—But Don’t Wait for Perfection

Liyanage explained how Ontario Health once relied on a scorecard system to quickly determine risk levels during breaches and decide whether to disconnect vulnerable partners. While the process has since matured, the lesson remains: structure and speed are critical.

Lloyd emphasized that organizations shouldn’t hold out for the “perfect” system before acting. Instead, adopt an agile approach: implement structured processes now, then refine them over time.

Strategy:

• Define clear escalation protocols for breaches.
• Use frameworks to support rapid decision-making, even if they’re imperfect.
• Continuously refine processes based on real-world incidents.

Prioritize Communication Over Technology

While technical tools are essential, Persaud stressed that Ontario Health’s early focus on communication protocols was a game-changer. Clear, timely, and transparent communication—both internally and across agencies—proved just as important as monitoring systems.

Strategy:

• Establish communication playbooks that specify what to communicate, to whom, and when.
• Conduct tabletop exercises that test not only IT teams but also executives, legal, and communications staff.
• Treat every incident as a learning opportunity and share anonymized lessons across sectors.

Strengthen Collective Defense Through Local Delivery Groups

Lloyd described how Ontario Health created local delivery groups to foster collaboration at the regional level. These groups share governance structures, pool resources, and coordinate threat response across providers. The approach reflects a hard truth: interconnected systems mean a breach at one organization can ripple across the entire network.

Strategy:

• Establish regional or departmental partnerships to align defense strategies.
• Formalize governance models to enable joint decision-making.
• Expand collective defense beyond core services to include smaller agencies and community partners.

Share Threat Intelligence in Real Time

Moshonas highlighted Ontario’s Cyber Threat Intelligence Exchange (CTIX), which distributes real-time intelligence across the sector. Instead of reacting in isolation, agencies now benefit from shared visibility into threats, reducing the likelihood of repeat attacks.

Persaud added that intelligence must move beyond the technical layer. Strategic threat context helps executives understand risk, secure funding, and make informed decisions.

Strategy:

• Contribute as well as consume intelligence—cyber defense must be a two-way street.
• Encourage vendors and MSSPs to collaborate, not compete, in sharing threat data.
• Use intelligence to inform both technical teams and executive decision-makers.

Invest in People as Your Greatest Asset

Technology and process matter, but Shen and Liyanage both agreed that people are the most valuable investment. Retraining existing staff, empowering internal experts, and embedding cybersecurity across every department creates a stronger, faster, and more resilient response capability.

Strategy:

• Upskill internal talent to build a workforce that understands both business context and security.
• Partner with MSSPs to supplement staff capacity, but keep critical knowledge in-house.
• Make security everyone’s responsibility—from IT to operations to leadership.

Balance Speed and Caution with Patient (or Citizen) Impact in Mind

For Ontario Health, certain services—such as organ donation programs—are too critical to risk. Liyanage explained that leadership empowered teams to make tough calls, even shutting down systems when necessary, to prevent larger breaches.

Strategy:

• Identify your organization’s most critical services and prioritize them during an incident.
• Secure leadership buy-in to make decisive containment moves.
• Use simulated “worst-case” scenarios to prepare teams for high-stakes decision-making.

Tell the Good News Stories

Persaud closed by noting that cybersecurity teams rarely highlight their successes. Organizations should celebrate avoided breaches, blocked phishing attempts, and improved response times—because these stories justify funding and build trust.

Strategy:

• Track and report successes alongside failures.
• Share results with boards, executives, and stakeholders to maintain support.
• Frame cybersecurity not only as risk management, but as a driver of resilience and trust.

Final Word: A Collective Responsibility

As Moshonas summarized, the future of cybersecurity isn’t about going it alone. Threat actors are coordinated, and so governments and agencies must be too. Across healthcare and beyond, the lessons are clear: invest in people, prioritize communication, share intelligence, and collaborate across regions.

For potential partners and sponsors, this is where you can make a difference—by supporting initiatives that turn these strategies into reality across Canada’s public sector. Together, we can build the resilience needed to safeguard services, protect citizens, and strengthen trust.