Canadian Healthcare Technology Logo
  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us

GE [April2023]

GE [April2023]

Enovacom EPC

Enovacom EPC

Privacy & Security

How to deter cyber-attacks: TOH outlines its best practices

By Peter Jones

September 1, 2022


Today, cybersecurity is one of the most vital concerns for organizations across all industries as they embrace modern technology and digital transformation. For healthcare organizations specifically, it can be a challenge to balance innovation with the compliance requirements necessary to protect patient information and sensitive data.

We have seen complete digitization of hospital information systems such as EHRs, e-prescribing solutions, practice management support systems and radiology information networks. In addition, at risk are thousands of devices that comprise the Internet of Things, like smart elevators, smart heating, ventilation and air conditioning (HVAC) and remote patient monitoring devices. Which is why a robust cyber-defense plan is critical to protecting the confidentiality, integrity and availability of patient information.

Since the onset of the pandemic, cyber criminals have homed in on this sector and are taking advantage of these modern access points. If the right technology isn’t leveraged, cyberattacks can have a lasting impact and impede the important work of our healthcare providers.

In Ontario, the provincial government is conducting a pilot to standardize some core cyber capabilities, termed the “Regional Security Operations Centre (RSOC)”. This initiative, funded by Ontario Health, allows organizations to benefit from IT resources, technology and safeguards on a level not attainable as a standalone model. Core capabilities of the RSOC include the continuous monitoring and analysis of the security procedures of these institutions, defence against security breaches and active isolation and mitigation of security risks. This establishes a coordinated approach to the protection of digital health care information and infrastructure.

Microsoft Canada’s Chief Security Officer, Kevin Magee, recently sat down with Jean-Claude Lemonde, Chief Information Security Officer at The Ottawa Hospital, an RSOC, to discuss their digital transformation and key learnings after recent ransomware attacks on multiple healthcare organizations across the province and the country. The discussion mentions common weak spots and attack entry ways in healthcare, such as legacy systems, inadequate IT staffing and complacency with security policy documentation. These are all gaps that Lemonde is tackling with technology, and he shared insights and strategies that ensure his organization continues to stay safe.

Leveraging the right technology: Lemonde credits Microsoft Defender technology for endpoint and cloud for the quick containment of attacks and ability to share threat intelligence with partner institutions. He says, “the adoption of Microsoft stack and the security suite has been a game changer for The Ottawa Hospital. Not only has it helped us to improve our security posture, but it helped us save time by eliminating non-value-added tasks such as finding storage space for the database that supports Sharepoint; that time could be reinvested in value-added initiative such as automation. Azure deals with all of that so we were able to focus on helping our end-users continue to work securely.”

A modern cyber-security plan helps organizations stay productive and resilient. The key to remaining secure and productive is a zero-trust approach that authenticates, authorizes, and encrypts every access request. Organizations should also take advantage of AI and automation to free up security and IT teams. They will then have more time to focus on value-add work, delivering increased innovation to the organization.

Prioritizing threat intelligence sharing: Lemonde also emphasizes that one of the keys to resilience is recognizing that no institution is a stand-alone entity. The entire healthcare system is interdependent, and each institution is affected by the other. Therefore, a common platform for sharing threat intelligence should be a priority.

The Ottawa Hospital has offered partner institutions the opportunity to join their Microsoft 365 tenant, with access to all automation technology and sophisticated Microsoft Defender services. This allows their network of healthcare institutions to share and access threat intelligence to cultivate a collective, robust security posture.

Sharing threat intelligence is so much more important now than ever before due to the interconnectivity of systems, and the use of shared Wi-Fi and IoT devices. Allowing partner institutions access to this intel keeps cyber leaders informed of suspicious network activity, allows them to avoid making the same mistakes their peers made and to deploy proven cyber defense solutions.

Through the Cyber Threat Intelligence Program (CTIP), Microsoft provides law enforcement, government Computer Emergency Response Teams (CERTs), ISPs and government agencies responsible for the enforcement of cyber laws and the protection of critical infrastructure with better insights into criminal cyber infrastructure located within their jurisdiction, as well as a view of compromised computers and victims impacted by such criminal infrastructure. The CTIP aims to strengthen countries’ digital borders and infrastructure security against cyber threats.

Fostering a culture of security: Another key learning that Lemonde shares is that fostering a culture of cyber security awareness within the organization is a significant part of mitigation. He mentions that he leans on leadership to inform and educate their teams on security best practices to help them understand how their digital actions could have consequences for the institution’s security.

Creating a culture where everyone takes accountability for defending the enterprise against cybercrime will require that we get everyone engaged and aware of the day-to-day risks so they know how their actions and choices can mitigate, or increase, those risks. Ultimately, it comes down to leaders. Those in management who have the decision-making power must implement the right training, technologies and security solutions to avoid potentially disastrous situations.

Lemonde ends with the sentiment that service management, understanding potential risks and institutional collaboration are essential in staying ahead of the next cyber threat and will help the organization improve value for their users.

Organizations need to be protected against inevitable modern threats that come with digital transformation. By leveraging the right technology, healthcare organizations can prevent and detect attacks across all touchpoints to protect themselves and their patients.

To learn more about the Ottawa Hospital’s cybersecurity transformation, please watch the full webinar here.

Peter Jones is Healthcare Industry Lead, Microsoft Canada.

PreviousNext

CHT print [900×150]

CHT print [900x150]

News and Trends

  • Ottawa’s health information demands will benefit patients
  • AI-powered tool on St. Michael’s surgical unit helps to improve care
  • Bots to help doctors reduce time spent on electronic records
  • Bissell Centre uses analytics to better understand client data
  • Canadian team is making ultrasound easier to use
More from the Print Edition

Subscribe

Subscribe

Free of charge to Canadian hospital managers and executives in nursing homes and home-care organizations. Learn More

Follow us on Social Media!

Follow us on Social Media!

Softworks

Softworks

Cdn Institute HCIwest

Cdn Institute HCIwest

Nihi Spring 2023

Nihi Spring 2023

Advertise with us

Advertise with us

Sectra [Feb]

Sectra [Feb]

Change Healthcare [2]

Change Healthcare [2]

Infoway [April2023]

Infoway [April2023]

Zebra [Mar2023]

Zebra [Mar2023]

RealTime

RealTime

CHT print [900×150]

CHT print [900x150]

Advertise with us

Advertise with us

Sectra [Feb]

Sectra [Feb]

Change Healthcare [2]

Change Healthcare [2]

Infoway [April2023]

Infoway [April2023]

Zebra [Mar2023]

Zebra [Mar2023]

RealTime

RealTime

Contact Us

Canadian Healthcare Technology
1118 Centre Street, Suite 207
Thornhill, Ontario, Canada L4J 7R9
Tel: 905-709-2330
Fax: 905-709-2258
info2@canhealth.com

  • Quick Links
    • Current Print Issue
    • Print Archive
    • Events
    • Vendors
    • About Us
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Resources
    • White Papers
    • Writers’ Guidelines
    • Privacy Policy
  • Topics
    • Administrative Solutions
    • Clinical Solutions
    • Companies
    • Continuing Care
    • Diagnostics
    • Education & Training
  •  
    • Electronic Records
    • Government & Policy
    • Infrastructure
    • Innovation
    • People
    • Privacy and Security

© 2023 Canadian Healthcare Technology

The content of Canadian Healthcare Technology is subject to copyright. Reproduction in whole or in part without prior written permission is strictly prohibited. Send all requests for permission to Jerry Zeidenberg, Publisher.

Search Site

Error: Enter a search term

  • Issues
    • Current Print Issue
    • Print Archive
  • Advertise
    • Publishing Schedule
    • Circulation
    • Unit Sizes and Rates
    • Mechanical Requirements
    • Electronic Advertising
    • White Papers
  • Subscribe
    • Print Edition
    • e-Messenger
    • White Papers
  • Events
  • Vendors
  • About Us