Canadian Healthcare Technology Logo
  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us

GE Revolution Ascend

GE Revolution Ascend

Enovacom EPC

Enovacom EPC

Privacy & Security

Norm Ricard

Manitoba auditor finds gaping holes in WRHA’s security

August 5, 2015


WINNIPEG – Manitoba’s auditor general says more work needs to be done to protect the personal information of patients at the Winnipeg Regional Health Authority (WRHA). A new report from Norm Ricard (pictured) says there are cybersecurity holes in the systems being used by the WRHA.

“In this audit we found that the Winnipeg Regional Health Authority could not keep up with the growth in demand, nor properly control the use of end-user devices. As a result, the WRHA was unnecessarily vulnerable to personal health information falling into the wrong hands,” said Ricard in the report.

The study, called “WRHA’s Management of Risks Associated with End-user Devices,” was prompted by the theft last year of a doctor’s personal laptop which contained the records of more than 300 patients. The audit says there is a significant risk of people gaining unauthorized access to data systems and health records, in part because not enough records have been encrypted.

The report also says the health authority has failed to ensure that data remains protected when accessed by thousands of personal laptops, smartphones and other devices used by workers.

The health authority and the provincial Health Department say they accept the report and are working on implementing its recommendations for stricter security.

“Throughout our audit we observed that the WRHA was focused on ensuring compliance with the Personal Health Information Act (PHIA). While PHIA does include some security requirements, we believe that implementing a cybersecurity program based on sound risk management would invariably result in the WRHA accomplishing their goal of complying with PHIA security requirements,” the auditor general says in the report.

“Focusing first on a control framework is important because compliance with PHIA does not ensure strong cybersecurity.”

The audit found that the WRHA did have some cybersecurity controls in place, but there were insufficient controls over:

  • remote access to the health system’s networks
  • the use of unmanaged USB Flash Drives
  • laptops and desktops

Of note, the report said neither Manitoba eHealth nor the WRHA have developed plans for how to manage the proliferation of end-user devices within the WRHA. The growing demand by healthcare professionals within the organization to access information through mobile devices has resulted in a Bring-Your-Own-Device program without first putting in place the necessary strategies, risk assessments and cybersecurity controls.

The commissioner also observed the need for regular assessments of cybersecurity controls, something that is currently not being done for end-user device controls. “Such audits may have identified and addressed many of the cybersecurity control deficiencies we found in this audit,” the report said.

According to the commissioner’s report, awareness training programs have not been sufficiently developed. “Additionally, attendance to the training sessions has been poor, training content is missing important elements, and additional techniques are not used to promote information security awareness.”

The report offers 12 recommendations to improve the security of cybersystems at the WHRA. The PDF report can be accessed at: http://www.oag.mb.ca/

PreviousNext

SteraMist (Feb)

SteraMist (Feb)

News and Trends

  • RACE streamlines patient journey
  • Healthcare supply chain needs a re-think, observers say
  • EDI spots pricing anomalies in Ontario’s healthcare supply chain
  • AI centres of excellence and companies collaborate on apps
  • Talking Stick: New hope for Indigenous mental healthcare
More from the Print Edition

Subscribe

Subscribe

Free of charge to Canadian hospital managers and executives in nursing homes and home-care organizations. Learn More

Follow us on Social Media!

Follow us on Social Media!

Nihi Data [Winter 2023]

Nihi Data [Winter 2023]

WP

WP

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

Zebra

Zebra

CHT print-200×400

CHT print-200x400

SteraMist (Feb)

SteraMist (Feb)

Advertise with us

Advertise with us

Sectra One Cloud

Sectra One Cloud

Change Healthcare [2]

Change Healthcare [2]

Infoway [Feb2023]

Infoway [Feb2023]

Zebra

Zebra

CHT print-200×400

CHT print-200x400

Contact Us

Canadian Healthcare Technology
1118 Centre Street, Suite 207
Thornhill, Ontario, Canada L4J 7R9
Tel: 905-709-2330
Fax: 905-709-2258
info2@canhealth.com

  • Quick Links
    • Current Print Issue
    • Print Archive
    • Events
    • Vendors
    • About Us
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Resources
    • White Papers
    • Writers’ Guidelines
    • Privacy Policy
  • Topics
    • Administrative Solutions
    • Clinical Solutions
    • Companies
    • Continuing Care
    • Diagnostics
    • Education & Training
  •  
    • Electronic Records
    • Government & Policy
    • Infrastructure
    • Innovation
    • People
    • Privacy and Security

© 2023 Canadian Healthcare Technology

The content of Canadian Healthcare Technology is subject to copyright. Reproduction in whole or in part without prior written permission is strictly prohibited. Send all requests for permission to Jerry Zeidenberg, Publisher.

Search Site

Error: Enter a search term

  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us