Executive Overview
The average cost of a data breach in healthcare in Canada is about 5.5 million CAD. Since delivering patient care depends on cybersecurity, securing healthcare systems and patient data is absolutely crucial.
Various factors influence risks to healthcare cybersecurity, including current geopolitical events. The U.S. Department of Health and Human Services recently issued a note warning that the pro-Russian threat actor group KillNet has been targeting U.S. healthcare organizations with distributed denial of service attacks.
Ontario Health CEO & President, Matthew Anderson, and VP of Information Security, Lyndon Dubeau, spoke with Flare CEO Norman Menz and Director of Marketing Eric Clay about lessons learned in securing patient information. Matthew is a healthcare leader with a deep background in healthcare data analytics and information technology: at Ontario Health, he is bringing together 22 agencies to lead one of the largest mergers in healthcare history.
Read about the various topics they discussed:
- Impact of the Shift from Proprietary to Standardized Systems
- Lessons Learned from Increased Attacks
- Balancing Speed and Security with New Infrastructure
- Learning from Other Industries (and Vice Versa)
Check out our full webinar recording, Securing Patient Data: Challenges & Opportunities for Healthcare Cybersec in 2023, and/or keep reading for the highlights.
Impact of the Shift from Proprietary to Standardized Systems
Over the last 10-15 years, Canadian healthcare systems have shifted from relying on proprietary systems to adopting more industry-standard systems. Though standardizing software has benefits, it can also have negative consequences.
With standardized software systems, there isn’t one big “front door” that threat actors can access to take down the system, but rather hundreds of “little windows” in many places.
At Ontario Health specifically, the approach to protecting these multiple access points is to view cybersecurity as a team sport. By collaborating with government and delivery partners, Ontario Health ensures that everyone is raising the security maturity level to respond effectively.
Lessons Learned from Increased Attacks
Especially early on in the pandemic, not only did threat actors ramp up their attacks on healthcare systems, but healthcare also became dependent on virtual services. Bringing in a trusted managed security service provider (MSSP) has added so much capability to the internal team.
Also, though employees have weekends and holidays, threat actors can (and do) attack 24/7; their attacks often purposefully surge before holidays or weekends. MSSPs contribute to the overall resources in an organization’s cyber toolkit. Additional cybersecurity support has ensured that healthcare providers can continue to deliver patient services securely.
Balancing Speed and Security
than ever before.
Ontario Health learned a lot from setting up a provincial lab network for COVID testing, which later provided a helpful foundation for the COVID vaccine rollout. There were originally 45 separate labs before the pandemic, which all had to be connected to facilitate:
- Acquiring swab samples
- Transporting swab samples
- Testing the swabs
- Uploading the information to a database
- Communicating test results with the patients
A comprehensive lab network made it possible to closely track where the disease spread, and that data better informs how to contain it.
The saying “perfection is the enemy of progress” applied in this situation, as it was necessary to prioritize speed over making a flawless system. The information security team involved in creating the system communicated this tradeoff to elected government officials and was able to build security at the capture level over time.
Learning from Other Industries (and Vice Versa)
Learning from others’ mistakes and successes is key to a robust cybersecurity strategy.
In Ontario, there is a collaborative approach that relies on international cross-sectoral standards as the foundation. Within the healthcare domain, Ontario Health leads that work and shares information with other sectors like municipal, K-12, higher education, finance, and more.
Teaching others about your own successes and lessons learned is also important to a team approach. According to our research on dark web leaked credentials, healthcare (hospitals, patient services providers, etc.) and labs & pharmaceuticals are amongst the most secure industries, and other industries can learn from that.
Healthcare Cybersecurity in the Digital Era
The landscape of healthcare cybersecurity continues to evolve along with digital advancements. As healthcare becomes increasingly dependent on virtual services, robust, 24/7 cybersecurity measures are extremely important.
Ontario Health, with its collaborative approach and emphasis on learning from other industries, exemplifies the resilience and adaptability required in this environment. A team-centric view of cybersecurity, the balance between speed and security, and learning from cross-sector standards form the pillars of the modern cybersecurity strategy.
The healthcare sector’s steadfast commitment to safeguard patient data is a testament to its dedication to providing secure and efficient care in an ever-evolving landscape. This collective commitment to cybersecurity will determine the resilience and success of healthcare organizations and their patients in our interconnected digital world.