By Peter Jones, Head of Healthcare Industry, Microsoft Canada
Today, cybersecurity is one of the most vital concerns for organizations across all industries as they embrace modern technology and digital transformation. For healthcare organizations in particular, it can be difficult to balance innovation with the compliance requirements needed to protect patient information and sensitive data. If the right technology is not leveraged, cyberattacks can have a lasting impact and impede the important work of our healthcare providers.
Security vulnerabilities have increased in the healthcare sector due to the evolution of medical technology and the rapid transition to electronic health records (EHRs). Since the start of the pandemic, cybercriminals have targeted this sector and are taking advantage of these modern access points.
In Ontario, the provincial government is running a pilot project to standardize some basic cyber capabilities, called the Regional Security Operations Center (RSOC). This establishes a coordinated approach to protecting digital health information and infrastructure.
Microsoft Canada’s Chief Security Officer, Kevin Magee, recently sat down with Jean-Claude Lemonde, Chief Information Security Officer at The Ottawa Hospital, an RSOC, to discuss their digital transformation and key learnings from recent ransomware attacks against several healthcare organizations across the province and country. The discussion mentions common vulnerabilities and pathways to attacks in healthcare, such as legacy systems, inadequate IT staff, and complacency with security policy documentation. These are all gaps that Lemonde is addressing with technology and he shared key learnings below to ensure his organization continues to stay safe.
Take advantage of the right technology: Lemonde credits Microsoft Defender for Endpoint and Cloud technology for quickly containing their attack and being able to share threat intelligence with partner institutions. He says, “Adopting the Microsoft stack and security suite has been a game-changer for The Ottawa Hospital. Not only did this help us improve our security posture, but it also saved us time by eliminating non-value-added tasks such as finding storage space for the Sharepoint-enabled database; this time could be reinvested in value-added initiatives such as automation. Azure takes care of all of that, so we were able to focus on helping our end users keep working safely.
Prioritize threat intelligence sharing: Lemonde also points out that one of the keys to resilience is recognizing that no institution is a stand-alone entity. The whole health system is interdependent and each institution is influenced by the other. That’s why a common threat intelligence sharing platform should be a priority. The Ottawa Hospital has offered partner facilities to join their Microsoft 365 tenant where they have access to all automation technologies and sophisticated Microsoft Defender services. This enables their network of healthcare facilities to share and access threat intelligence to cultivate a strong collective security posture.
Foster a culture of safety: Another key learning that Lemonde shares is that fostering a culture of cybersecurity awareness within the organization is an important part of mitigation. He mentions that he relies on leadership to brief and educate their teams on security best practices to help them understand how their digital actions could impact the security of the institution. There has been an improvement in awareness over the past few years, largely due to this approach and everyone feeling empowered to do their job safely while understanding their individual role in protecting the organization. .
Lemonde concludes with the feeling that service management, understanding potential risks, and institutional collaboration are key to staying ahead of the next cyberthreat and will help the organization improve value for its users.
Organizations need to be protected against the inevitable modern threats that come with digital transformation. By leveraging the right technology, healthcare organizations can prevent and detect attacks across all touchpoints to protect themselves and their patients.
To learn more about The Ottawa Hospital’s cybersecurity transformation, please watch the full webinar here