How to deter cyber-attacks: TOH outlines its best practices

Today, cybersecurity is one of the most vital concerns for organizations across all industries as they embrace modern technology and digital transformation. For healthcare organizations specifically, it can be a challenge to balance innovation with the compliance requirements necessary to protect patient information and sensitive data.

We have seen complete digitization of hospital information systems such as EHRs, e-prescribing solutions, practice management support systems and radiology information networks. In addition, at risk are thousands of devices that comprise the Internet of Things, like smart elevators, smart heating, ventilation and air conditioning (HVAC) and remote patient monitoring devices. Which is why a robust cyber-defense plan is critical to protecting the confidentiality, integrity and availability of patient information.

Since the onset of the pandemic, cyber criminals have homed in on this sector and are taking advantage of these modern access points. If the right technology isn’t leveraged, cyberattacks can have a lasting impact and impede the important work of our healthcare providers.

In Ontario, the provincial government is conducting a pilot to standardize some core cyber capabilities, termed the “Regional Security Operations Centre (RSOC)”. This initiative, funded by Ontario Health, allows organizations to benefit from IT resources, technology and safeguards on a level not attainable as a standalone model. Core capabilities of the RSOC include the continuous monitoring and analysis of the security procedures of these institutions, defence against security breaches and active isolation and mitigation of security risks. This establishes a coordinated approach to the protection of digital health care information and infrastructure.

Microsoft Canada’s Chief Security Officer, Kevin Magee, recently sat down with Jean-Claude Lemonde, Chief Information Security Officer at The Ottawa Hospital, an RSOC, to discuss their digital transformation and key learnings after recent ransomware attacks on multiple healthcare organizations across the province and the country. The discussion mentions common weak spots and attack entry ways in healthcare, such as legacy systems, inadequate IT staffing and complacency with security policy documentation. These are all gaps that Lemonde is tackling with technology, and he shared insights and strategies that ensure his organization continues to stay safe.

Leveraging the right technology: Lemonde credits Microsoft Defender technology for endpoint and cloud for the quick containment of attacks and ability to share threat intelligence with partner institutions. He says, “the adoption of Microsoft stack and the security suite has been a game changer for The Ottawa Hospital. Not only has it helped us to improve our security posture, but it helped us save time by eliminating non-value-added tasks such as finding storage space for the database that supports Sharepoint; that time could be reinvested in value-added initiative such as automation. Azure deals with all of that so we were able to focus on helping our end-users continue to work securely.”

A modern cyber-security plan helps organizations stay productive and resilient. The key to remaining secure and productive is a zero-trust approach that authenticates, authorizes, and encrypts every access request. Organizations should also take advantage of AI and automation to free up security and IT teams. They will then have more time to focus on value-add work, delivering increased innovation to the organization.

Prioritizing threat intelligence sharing: Lemonde also emphasizes that one of the keys to resilience is recognizing that no institution is a stand-alone entity. The entire healthcare system is interdependent, and each institution is affected by the other. Therefore, a common platform for sharing threat intelligence should be a priority.

The Ottawa Hospital has offered partner institutions the opportunity to join their Microsoft 365 tenant, with access to all automation technology and sophisticated Microsoft Defender services. This allows their network of healthcare institutions to share and access threat intelligence to cultivate a collective, robust security posture.

Sharing threat intelligence is so much more important now than ever before due to the interconnectivity of systems, and the use of shared Wi-Fi and IoT devices. Allowing partner institutions access to this intel keeps cyber leaders informed of suspicious network activity, allows them to avoid making the same mistakes their peers made and to deploy proven cyber defense solutions.

Through the Cyber Threat Intelligence Program (CTIP), Microsoft provides law enforcement, government Computer Emergency Response Teams (CERTs), ISPs and government agencies responsible for the enforcement of cyber laws and the protection of critical infrastructure with better insights into criminal cyber infrastructure located within their jurisdiction, as well as a view of compromised computers and victims impacted by such criminal infrastructure. The CTIP aims to strengthen countries’ digital borders and infrastructure security against cyber threats.

Fostering a culture of security: Another key learning that Lemonde shares is that fostering a culture of cyber security awareness within the organization is a significant part of mitigation. He mentions that he leans on leadership to inform and educate their teams on security best practices to help them understand how their digital actions could have consequences for the institution’s security.

Creating a culture where everyone takes accountability for defending the enterprise against cybercrime will require that we get everyone engaged and aware of the day-to-day risks so they know how their actions and choices can mitigate, or increase, those risks. Ultimately, it comes down to leaders. Those in management who have the decision-making power must implement the right training, technologies and security solutions to avoid potentially disastrous situations.

Lemonde ends with the sentiment that service management, understanding potential risks and institutional collaboration are essential in staying ahead of the next cyber threat and will help the organization improve value for their users.

Organizations need to be protected against inevitable modern threats that come with digital transformation. By leveraging the right technology, healthcare organizations can prevent and detect attacks across all touchpoints to protect themselves and their patients.

To learn more about the Ottawa Hospital’s cybersecurity transformation, please watch the full webinar here.

Peter Jones is Healthcare Industry Lead, Microsoft Canada.