Cybersecurity in Health: We’re in this together

As the national voice of Canada’s hospitals and healthcare organizations, HealthCareCAN is partnering with organizations in an effort to create and sustain a dialogue between cybersecurity experts and health leaders, and to cultivate cybersecurity capacity and expertise within Canada’s health sector.

Moving Forward for Cybersafe Healthcare

Lax cybersecurity threatens to undermine the security of the critical infrastructure upon which we all depend and to endanger the safety of the patients and communities we serve. Ultimately, these new technologies, if not properly managed and secured, may prove to be our sector’s greatest vulnerability in a moment of crisis.

CCTX is an independent, not-for-profit organization, launched in 2016 that helps Canadian businesses and consumers detect and mitigate cyber attacks. CCTX acts as a node in which threat information from various industries and sectors can be analyzed, to the benefit of all members. Partners in CCTX provide access to internal data, which CCTX then collects, analyzes, aggregates, and anonymizes for distribution within the network. Any threats detected through this process are identified, and all members are alerted to threats with advice on strategies for mitigation. CCTX’s approach is consistent with the National Strategy for Critical Infrastructure and the network was recently joined by key federal departments, including Public Safety Canada and the Canadian Communications Security Establishment.

Cyber Essentials Canada is a platform that allows firms to undertake self-assessment of cyber resilience based on five key security controls: (1) firewalls and gateways, (2) secure configuration, (3) access control, (4) malware protection, and (5) patch  management. Compliance with Cyber Essentials standards is estimated to prevent approximately 80% of common internet attacks. Certification with Cyber Essentials is compulsory in the United Kingdom for firms doing business with the government.

The Canadian Centre for Cyber Security (Cyber Centre) is Canada’s authority on cyber security. We have united existing operational cyber security expertise from Public Safety Canada, Shared Services Canada, and the Communications Security Establishment in to one high-functioning, responsive organization. The Cyber Centre leads the government’s response to cyber security events. We work to protect and defend the country’s valuable cyber assets. We work side-by-side with the private and public sectors to solve Canada’s most complex cyber issues. We help to develop Canada’s cyber security talent. We are the National CERT (Computer Emergency Response Team), and the Government of Canada CIRT (Computer Incident Response Team), working in close collaboration with government departments, critical infrastructure, Canadian businesses and international partners to respond to and mitigate cyber events.

The Canadian Critical Infrastructure Information Gateway is a collaborative, unclassified workspace for the critical infrastructure community with the aim of facilitating information sharing in support of building a safer, more secure and more resilient Canada. Critical infrastructure owner/operators can gain the benefit of joint expertise as well as rapid access to threat information by joining and participating in the Gateway.

HIROC is a non-profit insurance reciprocal serving Canada’s healthcare organizations with cost-effective and comprehensive insurance coverage and risk management solutions to help subscribers make better decisions. HIROC has published a guide to cyber risk management in Canadian healthcare organizations that includes advice on how to protect your organization from breaches, threats and vulnerabilities.

Firstreceivers.ca is a community of practice that links health professionals with up to date resources and news in response to disasters that affect healthcare critical infrastructure. The community is administered by the Centre for Excellence on Emergency Preparedness, which promotes excellence and standards of care for emergency preparedness and response.

The American Hospital Association (AHA) has been a leader in improving the United States healthcare system’s resilience against cyber threats. Incisive commentary and advice on leadership in healthcare cybersecurity is available in AHA’s Cybersecurity and Hospitals Series: Questions Hospital Leaders Should Ask and What Hospital Trustees Need to Know.

CSE’s Top 10 Security Actions – The Communications Security Establishment (CSE) publishes a set of ‘top 10’ security actions based on its analysis of cyber threat trends affecting Internet-connected networks. When implemented as a set, the Top 10 help minimize intrusions and mitigate the effects of an intrusion if one occurs.