Countering Cyberattacks Targeting Artificial Intelligence Systems in Healthcare: An Assessment of Quebec’s Legal Framework
Marianne Ozkan
Marianne Ozkan’s work examines how Quebec’s legal framework governs cybersecurity measures for artificial intelligence systems in healthcare. Her research focuses on whether existing legal provisions allow the healthcare information system to effectively anticipate and minimize the risks of cyberattacks. She situates this question in the growing use of AI in healthcare, including diagnostics, medical imaging, personalized treatment, administrative optimization, and tools that support clinical documentation.
Her findings show that Quebec’s cybersecurity provisions have a broad scope, covering healthcare system assets such as medical devices, software that directly or indirectly accesses health information, other software used by healthcare facilities, and health data itself. However, she also identifies an important gap: some laws remain designed around traditional IT systems and do not fully account for AI models, their design methods, or the vulnerabilities specific to these technologies. With Quebec’s digital health record being piloted, she argues that now is a key moment to adapt the legal framework to the realities of AI-driven healthcare.
Ozkan recommends using recognized technical standards as a practical way to keep legal requirements aligned with fast-moving technological change. Rather than rewriting laws constantly, lawmakers could reference adaptable technical standards that evolve with best practices in AI cybersecurity. She also highlights Quebec’s certification process for software related to health data as a promising governance tool, noting its potential to balance public oversight with private-sector responsibility while encouraging developers to integrate cybersecurity compliance from the earliest stages of system design.