By Peter Jones, Healthcare Industry Lead, Microsoft Canada
Today, cybersecurity is one of the most vital concerns for organizations across all industries as they embrace modern technology and digital transformation. For healthcare organizations specifically, it can be a challenge to balance innovation with the compliance requirements necessary to protect patient information and sensitive data. If the right technology isn’t leveraged, cyberattacks can have a lasting impact and impede the important work of our healthcare providers.
Security vulnerabilities have increased in the healthcare industry due to the evolution of medical technology and the rapid transition to electronic health records (EHRs). Since the onset of the pandemic, cyber criminals have honed in on this sector and are taking advantage of these modern access points.
In Ontario, the provincial government is conducting a pilot to standardize some core cyber capabilities, termed the “Regional Security Operations Centre (RSOC)”. This establishes a coordinated approach to the protection of digital health care information and infrastructure.
Microsoft Canada’s Chief Security Officer, Kevin Magee, recently sat down with Jean-Claude Lemonde, Chief Information Security Officer at The Ottawa Hospital, an RSOC, to discuss their digital transformation and key learnings after recent ransomware attacks on multiple healthcare organizations across the province and the country. The discussion mentions common weak spots and attack entry ways in healthcare such as legacy systems, inadequate IT staffing and complacency with security policy documentation. These are all gaps that Lemonde is tackling with technology and he shared the below key learnings to ensure his organization continues to stay safe.
Leveraging the right technology: Lemonde credits Microsoft Defender technology for end-point and cloud for the quick containment of their attack and ability to share threat intelligence with partner institutions. He says, “the adoption of Microsoft stack and the security suite has been a game changer for The Ottawa Hospital. Not only has it helped us to improve our security posture, but it helped us save time by eliminating nonvalue added tasks such as finding storage space for the database that supports Sharepoint; that time could be reinvested in value added initiative such as automation. Azure deals with all of that so we were able to focus on helping our end users continue to work securely.”
Prioritizing threat intelligence sharing: Lemonde also emphasizes that one of the keys to resilience is recognizing that no institution is a stand-alone entity. The entire healthcare system is interdependent and each institution is affected by the other. This is why a common platform for sharing threat intelligence should be a priority. The Ottawa Hospital has offered partner institutions to join their Microsoft 365 tenant where they have access to all automation technology and sophisticated Microsoft Defender services. This allows their network of healthcare institutions to share and access threat intelligence to cultivate a collective robust security posture.
Fostering a culture of security: Another key learning that Lemonde shares is that fostering a culture of cyber security awareness within the organization is a significant part of mitigation. He mentions that he leans on leadership to inform and educate their teams on security best practices to help them understand how their digital actions could have consequences for the institution’s security. There has been improvement in awareness in recent years that is largely due to this approach and ensuring that everyone feels empowered to do their jobs safely while understanding their individual roles in protecting the organization.
Lemonde ends with the sentiment that service management, understanding potential risks and institutional collaboration are essential in staying ahead of the next cyber threat and will help the organization improve value for their users.
Organizations need to be protected against inevitable modern threats that come with digital transformation. By leveraging the right technology, healthcare organizations can prevent and detect attacks across all touchpoints to protect themselves and their patients.
To learn more about the Ottawa Hospital’s cybersecurity transformation, please watch the full webinar here