New technologies are penetrating into every facet of health and healthcare; a trend that will only accelerate in the years to come. In the main, this is a very good thing. Increasingly, digital infrastructure is also becoming the backbone of a broad range of everyday health services. More broadly, the newly digitized and networked landscape is turning out to be a core feature of a modern, responsive, and resilient healthcare system.
Yet healthcare’s brave new world also poses new and frightening challenges for healthcare leaders, governments, patients, and the public. These new technologies, if not properly managed and secured, may prove to be our sector’s greatest vulnerability in a moment of crisis. HealthCareCAN recognizes the importance of promoting resilient infrastructure; a project that very much includes shoring up our sector’s cybersecurity posture.
Cybersecurity in the time of COVID
The COVID-19 outbreak has had a spillover effect on the cybersecurity resilience of healthcare organizations. The increase in remote work has also made healthcare organizations across Canada much more vulnerable to network penetration during the COVID-19 pandemic.
Cybersecurity in Health: We’re in this together
As the national voice of Canada’s hospitals and healthcare organizations, HealthCareCAN is partnering with organizations in an effort to create and sustain a dialogue between cybersecurity experts and health leaders, and to cultivate cybersecurity capacity and expertise within Canada’s health sector.
Moving Forward for Cybersafe Healthcare
Lax cybersecurity threatens to undermine the security of the critical infrastructure upon which we all depend and to endanger the safety of the patients and communities we serve. Ultimately, these new technologies, if not properly managed and secured, may prove to be our sector’s greatest vulnerability in a moment of crisis.
Signatories of the Declaration of commitment to cybersafe healthcare
CCTX is an independent, not-for-profit organization, launched in 2016 that helps Canadian businesses and consumers detect and mitigate cyber attacks. CCTX acts as a node in which threat information from various industries and sectors can be analyzed, to the benefit of all members. Partners in CCTX provide access to internal data, which CCTX then collects, analyzes, aggregates, and anonymizes for distribution within the network. Any threats detected through this process are identified, and all members are alerted to threats with advice on strategies for mitigation. CCTX’s approach is consistent with the National Strategy for Critical Infrastructure and the network was recently joined by key federal departments, including Public Safety Canada and the Canadian Communications Security Establishment.
Cyber Essentials Canada is a platform that allows firms to undertake self-assessment of cyber resilience based on five key security controls: (1) firewalls and gateways, (2) secure configuration, (3) access control, (4) malware protection, and (5) patch management. Compliance with Cyber Essentials standards is estimated to prevent approximately 80% of common internet attacks. Certification with Cyber Essentials is compulsory in the United Kingdom for firms doing business with the government.
The Canadian Centre for Cyber Security (Cyber Centre) is Canada’s authority on cyber security. We have united existing operational cyber security expertise from Public Safety Canada, Shared Services Canada, and the Communications Security Establishment in to one high-functioning, responsive organization. The Cyber Centre leads the government’s response to cyber security events. We work to protect and defend the country’s valuable cyber assets. We work side-by-side with the private and public sectors to solve Canada’s most complex cyber issues. We help to develop Canada’s cyber security talent. We are the National CERT (Computer Emergency Response Team), and the Government of Canada CIRT (Computer Incident Response Team), working in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to respond to and mitigate cyber events.
The Canadian Critical Infrastructure Information Gateway is a collaborative, unclassified workspace for the critical infrastructure community with the aim of facilitating information sharing in support of building a safer, more secure and more resilient Canada. Critical infrastructure owner/operators can gain the benefit of joint expertise as well as rapid access to threat information by joining and participating in the Gateway.
HIROC is a non-profit insurance reciprocal serving Canada’s healthcare organizations with cost-effective and comprehensive insurance coverage and risk management solutions to help subscribers make better decisions. HIROC has published a guide to cyber risk management in Canadian healthcare organizations that includes advice on how to protect your organization from breaches, threats and vulnerabilities.
Firstreceivers.ca is a community of practice that links health professionals with up to date resources and news in response to disasters that affect healthcare critical infrastructure. The community is administered by the Centre for Excellence on Emergency Preparedness, which promotes excellence and standards of care for emergency preparedness and response.
The American Hospital Association (AHA) has been a leader in improving the United States healthcare system’s resilience against cyber threats. Incisive commentary and advice on leadership in healthcare cybersecurity is available in AHA’s Cybersecurity and Hospitals Series: Questions Hospital Leaders Should Ask and What Hospital Trustees Need to Know.
CSE’s Top 10 Security Actions – The Communications Security Establishment (CSE) publishes a set of ‘top 10’ security actions based on its analysis of cyber threat trends affecting Internet-connected networks. When implemented as a set, the Top 10 help minimize intrusions and mitigate the effects of an intrusion if one occurs.