October is Cyber Security Awareness Month, an awareness campaign promoted by the Government of Canada. Each year in October, this campaign aims to educate Canadians about the importance of cyber security.
With much-needed digitization taking place in Canadian healthcare, including rising EMR usage, many of the challenges highlighted by Cyber Security Awareness Month are impacting clinics across Canada.
Our latest blog highlights how WELL Health works to prevent healthcare cyberattacks in our own WELL Health Clinics and how WELL’s Cybersecurity Division provides services that can help solve IT and cybersecurity headaches across Canadian healthcare, including non-WELL clinics.
Why Healthcare Cyber Security Is So Important
In our personal lives, most of us understand cybersecurity is necessary, but Canadians are free to choose how much they do to protect themselves.
However, in healthcare, the appetite for risk must be low. Dealing with personal health information requires a commitment to following best practices and investing in the correct tools and services because it is clear that technology plays a vital role in preventing healthcare cyberattacks.
Unfortunately, many clinics in Canada are still relying on their ‘IT Guy’ to provide cyber security support. There is often a perception amongst clinicians that hackers aren’t interested in small clinics, and this leads many clinics to take cybersecurity lightly.
The reality is that hackers are still interested in small clinics, and the consequences of a cyberattack can be disastrous, as one Toronto-based clinic recently found out!
In fact, since the pandemic began, healthcare cybercrime has increased by 600%, and there has been a surge in email phishing and malware distribution across the Canadian healthcare system. The Government of Canada has issued guidance on cyber security in healthcare in response to the rising threat.
Ultimately, being underprepared and under-secured not only risks personal health information but can also leave a clinic without access to their EMR, calendars and billing, causing chaos. A cyberattack can also cause significant financial damage, with a potential ransom and lost revenues totalling tens of thousands of dollars. There is a risk of substantial reputational damage within the community too.
So, with the healthcare industry under increasing attack, it’s time for every clinic in Canada to move beyond their ‘IT Guy’ and take cybersecurity as seriously as possible.
But to do that, Canadian physicians and clinic owners need support. After all, why would anyone expect a physician or their outsourced IT to be an expert on cybersecurity? What should clinics look for, and what strategies or services will help them stay protected?
The Major Cyber Security Threats to Canadian Clinics
The Canadian Centre for Cybersecurity highlights four ways cybercriminals attack and disrupt healthcare providers. While each of these threats is different, they all risk similar outcomes.
Phishing
Phishing is where a cyber attacker tries to trick users into giving away data, like their EMR login credentials. Most phishing attacks rely on mimicking emails from a sender the user trusts.
Healthcare Ransomware
Ransomware denies users access to essential software, such as EMR, scheduling, and billing software, until they pay a ransom. There have been several high-profile healthcare ransomware attacks in Canada.
Denial of Service (DoS)
These attacks look to crash computer systems or websites with a surge in demand or web traffic which causes chaos. Attackers then hope to capitalize on the disruption and panic.
Password Spraying
These attacks use automation and scale to guess passwords by attempting common passwords on multiple accounts. Password spraying is made possible by generic or simple passwords.
Essential Cybersecurity First Steps for Canadian Clinics
Every clinic in Canada should be taking common cyber security prevention measures. Communicating these key messages is the goal of Cyber Security Awareness Month.
Every clinic should:
- Maintain regular cybersecurity education and training sessions
- Exercise caution when opening attachments or links
- Keep devices and systems up to date
- Avoiding simple, generic, or shared passwords
- Use multi-factor authentication
These are all security measures that most physicians and support staff can implement, understand, and follow.
However, it isn’t as simple as just following these steps and downloading some desktop antivirus software. There are other actions clinics should take that are harder for clinicians to follow on their own.
For example, securing the work environment means using a secure Wi-Fi network. And ensuring all devices are running appropriate antivirus software. This is the point at which many clinics find it harder to keep up and where additional 3rd party IT and cybersecurity support is needed.
That’s where WELL Health’s Cybersecurity Division comes in. We want to ensure Canadian clinics can access IT and cybersecurity services designed for clinics but managed by experts.
WELL’s Healthcare Cybersecurity Services
Safeguarding patient data is a priority for WELL Health. In fact, it is one of three environmental, social, and governance (ESG) priorities that WELL has committed to. Our goal is to improve the standard of data protection available to the healthcare industry.
We also understand that asking physicians to be experts in IT and cybersecurity is yet another distraction from providing care. Especially in small clinics, maintaining safe and reliable systems requires time, knowledge, and resources.
That’s why SecureSolutionsNow, a key part of WELL’s Cybersecurity Division, offers affordable Managed IT & Cybersecurity services designed to meet the needs of Canadian clinics.
SecureSolutionsNow supports the WELL Health Clinic Network, but their suite of services is also available to independent clinics across Canada looking for cost-effective, enterprise-quality solutions. They provide clinics with the tools to protect patient data and defend their business from disruptive and expensive cyberattacks.
SecureSolutionsNow offers a Core Solution that includes:
- Email Encryption and Protection: People are the primary target in all phishing campaigns, and 90% of all attacks originate via email. Compliance also dictates that emails must be encrypted if PHI is present.
- User Awareness Training: By teaching cybersecurity fundamentals, SecureSolutionsNow empowers employees to protect clinics from common cyberattacks.
- Endpoint Protection: Traditional antivirus products are no longer effective against today’s advanced attacks. SecureSolutionsNow couples AI with a team of experts to identify unusual behaviour and protect systems from known and new attack campaigns.
- Data Backup: Data backups place your clinic in a position to minimize disruption and avoid paying costly ransomware demands in the event of a cyberattack.
SecureSolutionsNow also provides additional services that can enhance a clinic’s security, including secure remote access so physicians can safely access clinic and patient information remotely. And secure Wi-Fi allows physicians and patients access a safe and reliable internet connection while in the clinic.
To ensure clinics have support when they need it most, SecureSolutionsNow provides unlimited remote support. Our Helpdesk helps clinics solve problems if they arise. And if the unthinkable happens, SecureSolutionsNow also offers Incident Response and Forensic services. The SecureSolutionsNow team will work with clinics to manage cyberattacks and help physicians get back on track quickly.
This level of expertise and engagement provides an essential layer of security for healthcare providers and a substantial upgrade on bringing in an ‘IT Guy’ and hoping for the best!
Ultimately, SecureSolutionsNow offers an affordable and comprehensive solution for clinics that provides access to expertise and peace of mind.
WELL’s Cybersecurity Division
SecureSolutionsNow is not the only way WELL invests in safeguarding patient data and helping physicians to do the same.
WELL Health’s Cybersecurity Division provides products and services designed to protect PHI and essential systems across the WELL Clinic Network and beyond. To do that requires looking at both the attacking and defending side of security.
“There’s always an attacking and defending side of security. On the defensive side, we’re building up protective controls to protect patient records. The offensive side is equally important. You want to know where you have vulnerabilities. So proactively testing your systems for security vulnerabilities is important,” explains Iain Paterson, WELL Health CISO.
The remaining businesses in WELL’s Cybersecurity Division help to deal with both sides of security, providing WELL Health with a comprehensive strategy for protecting the most valuable asset we manage – patient data.
On the offensive side of security, Cycura helps organizations – including WELL Health – ensure all aspects of their infrastructure are safe and secure. They provide penetration testing and threat risk assessments that pinpoint vulnerabilities to WELL Health and to large enterprises, including national retailers and airlines.
Cycura plays a vital role in assessing the security of potential new businesses, clinical applications, and clinics that join the WELL Health family, ensuring that every part of WELL is adequately secured.
Source44 is very much on the defensive side of security. They sell cyber security products, integrate them, and manage these services for their clients.
Source44 deploys, proactively monitors, and updates their range of tools to ensure WELL Health and our clinics are secure, building up protection against various potential threats.
WELL’s Corporate IT Services
By combining the services of the WELL Cybersecurity Division with our Corporate IT, WELL has standardized and enterprise-level security in all our clinics.
This standardized approach also means that WELL Clinics have access to enterprise-grade hardware that enables our Corporate IT to maintain 24/7 monitoring across our clinic network.
“WELL makes significant investments towards constantly improving the cybersecurity posture of our own clinics. Those improvements make a real difference to the security of patient data,” explains Iain Paterson, CISO at WELL Health.
Safeguarding Patient Data
We are helping practitioners do what they do best – care for their patients. From ensuring best practices in our WELL Health Clinic Network to providing cybersecurity services across Canada, WELL’s Cybersecurity Division focuses on safeguarding patient data and providing support to physicians.
If you are looking to upgrade your clinic’s cybersecurity, contact SecureSolutionsNow for a free consultation.
