The Healthcare sector in Canada is equally vulnerable to cyber attacks as of other industries. As per one of the recent reports, Canada has seen a 250% increase in the cyberattack, which is the highest increase in the world, followed by Germany, which saw a rise of 220%. Since the onset of the COVID-19 health sector has caught the attention of everyone, especially the hacker community, which has only contributed to the problems, it is observed cyber attacks can be avoided, or faster recovery can be made with efficient Managed IT Services in Healthcare. Before COVID-19, also the situation was terrible; in Dec 2019, “LifeLabs,” one of the biggest Canadian diagnostic providers, updated about data breach possibly affecting 15 million business & just before that, 3 Ontario hospitals reported ransomware attack. The threat is real & persistent; it’s just a matter of time when a healthcare facility is hit with Ransomware, Data Breach, DDoS Attacks, Insider Threat, Business Email Compromise & Fraud scams.
We all know the after-effects & losses that arise due to cyber-attacks; we are unaware that it can be a life & death situation in the health care industry. Insulin pump & other diabetes devices which are connected to the internet are prone to a cyber incident. Ransomware can take down the whole system, a convenient way to recover is to pay for the ransom, but that’s a debatable topic. Recently Irish healthcare facilities were hit by ransomware attacks, but Irish authorities (Irelands Health Services Executive) decided not to pay the ransomware & prefer building the IT Infrastructure again from scratch. There was a change of heart from hacker’s & they bailed out the system for free. The moral of the story is that it could take months & millions of dollars to rebuild the system; even after a bailout from hackers, it takes days/months to get back up and running.
Problems about cyberattacks do not just finish by resolving issues (by bringing IT infrastructure online); depending upon your geographical location, the Healthcare provider needs to take specific steps to remain compliant with the federal/provincial privacy law. For example, healthcare providers need to update the local or national authorities about the cyber attack; if the patients’ personal information has been accessed/compromised, then the healthcare provider is responsible for updating the patients about the cyber incident. All this can bring a bad name and loss of reputation & revenue for the Health care provider, which can be easily mitigated with Managed IT Services in Healthcare.
In the US, HIPAA (Health Insurance Portability and Accountability Act) is the federal law that protects any personally identifiable information by Health Care Provider. Usually, this standard (HIPAA Compliance) is followed in Canada also, but Canada has its own PIPEDA (Personal Information Protection and Electronic Document Act) law which applies to all personal data, health or otherwise, regardless of the entity (not necessarily for Healthcare Sector). Along with that Province of Ontario, New Brunswick, Newfoundland & Labrador, and Nova Scotia have their own health-related privacy laws. In these provinces, provincial laws may apply instead of PIPEDA for the healthcare sector. However, all the rules have the basic architecture of savings the patients’ personal information in some form.
Until now, we have seen the emergence & increase of cyber attacks in the healthcare sector (specifically in Canada) and laws that are in place to safeguard the interest (personal information) of users. In most scenarios, it has been found
- Lax IT policies lead to these attacks in the first place
- Lack of patch update for OS on workstations or on servers
- Lack of administrative procedures for data access
- Nack of awareness/training among staff on latest threats
- No proper isolation of web-facing applications
- No application control list
- No segmentation of data/information
All the above points can be mitigated with IT Support or Managed IT Support. In today’s era, when everything is moving towards the cloud, each & every component of the technology needs to be secured individually, requiring extreme technical expertise and support. We at Cygnik Tech provide leading Managed IT Services in healthcare sector to modernize practices to achieve digital transformation.