{"id":35607,"date":"2023-02-15T11:01:27","date_gmt":"2023-02-15T16:01:27","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=527412"},"modified":"2023-02-16T10:05:58","modified_gmt":"2023-02-16T15:05:58","slug":"management-lack-of-money-blamed-for-poor-cybersecurity-at-canadian-hospitals","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/management-lack-of-money-blamed-for-poor-cybersecurity-at-canadian-hospitals\/","title":{"rendered":"Management, lack of money blamed for poor cybersecurity at Canadian hospitals"},"content":{"rendered":"

The biggest impediment to improving the cybersecurity of Canadian hospitals is \u201clack of focus\u201d of management and lack of money, says the head of the country\u2019s .ca registry.<\/p>\n

Bryon Holland, chief executive officer (CEO) of the Canadian Internet Registration Authority<\/a> (CIRA) told a Tuesday Globe and Mail webinar on cybersecurity in the healthcare sector that just short of 30 per cent of all organizations in this country have suffered a data breach.<\/p>\n

\u201cIf a third of homes were broken into, or a third of business and hospitals were being [physically] criminalized, there would be an incredible uproar,\u201d he argued.<\/p>\n

But in the digital world, people don\u2019t see the impact, so there is little support for more resources. CIOs and IT pros in healthcare tell CIRA the number one reason hospitals find it hard to fight cyber attacks is \u201clack of focus and money\u201d to put in systems and technologies to keep up with the volume of attacks, Holland said.<\/p>\n

Hospital management needs \u201ca mindset upgrade,\u201d he maintained. Cybersecurity \u201cis an executive problem. This is a CEO, senior executive board problem, because there is liability and fiduciary risk at the top of the organization.\u201d<\/p>\n

They need to understand the solution is taking holistic security seriously \u2014 everything from installing multilayered defence in depth, DNS hardened firewalls, multifactor authentication and access control. These, he said are \u201ctable stakes.\u201d<\/p>\n

But he also said that cybersecurity \u201cis not just the IT folks\u2019 problem.\u201d<\/p>\n

In fact he claimed that \u201cmost compromises happening now are because people are compromised, not a firewall or a piece of tech.\u201d That\u2019s why cybersecurity awareness training is also important, he said.<\/p>\n

Panel members included Jeff Curtis, chief privacy officer at Toronto\u2019s Sunnybrook Health Sciences Centre;<\/a> Steven Tam, chief data governance and privacy officer at Vancouver Coastal Health<\/a>, which oversees all hospitals in the Vancouver area; and Hudda Idrees, CEO of Dot Health<\/a>, a provider of mobile healthcare solutions for individuals and healthcare providers.<\/p>\n

Hospitals and clinics have long been targets of hackers who believe the institutions are more willing than others to pay for the return of stolen data. For-profit hospitals and clinics are seen as a source of credit and debit card information in addition to sensitive medical data on patients. Non-profit hospitals often don\u2019t have the money to make cybersecurity a priority.<\/p>\n

Hospitals in Canada recently hit include Toronto\u2019s Hospital for Sick Children<\/a> and Lindsay, Ont.\u2019s Ross Memorial Hospital.<\/a> In the U.S., where for-profit hospital chains serve millions of people, California-based Regal Medical Group is now sending data breach notices<\/a> to more than three million patients after suffering a ransomware attack late last year.<\/p>\n

One of the worst attacks in Canada took place in Newfoundland and Labrador in 2021, when attackers copied years of patient and employee data from the provincial system<\/a>.<\/p>\n

Hospitals aren\u2019t the only healthcare institutions hit. In 2019, hackers accessed medical lab results of 15 million Canadians when LifeLabs, the country\u2019s biggest medical lab serving doctors, was hacked. The privacy commissioners of Ontario and British Columbia said the company failed to follow provincial data health protection laws.<\/a><\/p>\n

Despite billions of dollars in annual healthcare spending in Canada, \u201cfunding for cybersecurity is getting short shrift,\u201d Holland told the panel.<\/p>\n

He got support for that from Indrees, who noted Ontario alone spends $70 billion a year on healthcare. \u201cI don\u2019t think it\u2019s lack of funding. It\u2019s just that people don\u2019t think it [cybersecurity] is important enough.\u201d While the province has set up a Digital Health Information Exchange, she said spending on \u201cpractical, tangible pieces of software or training \u2026 is seriously lacking.\u201d<\/p>\n

Hospitals spending more on IT in general will only exacerbate the problem, said Curtis. Money has to be targeted for cybersecurity.<\/p>\n

However, he also said for better security, more institutions should be adopting shared systems. For example, there are shared diagnostic imaging services in Ontario used by many hospitals and medical practitioners.<\/p>\n

He and others also pointed to a serious problem in Canadian hospitals: Legacy software and hardware that impedes the adoption of more secure technologies.<\/p>\n

Tam said hospital CEOs and CIOs have to see cybersecurity as separate from IT in their budgets.<\/p>\n

Proper governance is also important, he said. \u201cWe need to come together to collectively tackle these issues, to identify what the risks are and identify the solutions., If we\u2019re working together, we can also improve our [cybersecurity] practices across the board. We have a diverse, broad healthcare system. We need to think how we govern our data and systems across the healthcare sector\u201d rather than one hospital at a time.<\/p>\n

The post Management, lack of money blamed for poor cybersecurity at Canadian hospitals<\/a> first appeared on IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"

Healthcare experts told a webinar that legacy IT systems, lack of money are hindering security at Canadian<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[358,16],"tags":[840,408,393,275],"class_list":["post-35607","post","type-post","status-publish","format-standard","hentry","category-medical","category-security","tag-cira","tag-healthcare","tag-security-strategies","tag-top-story"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35607","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=35607"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35607\/revisions"}],"predecessor-version":[{"id":35659,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/35607\/revisions\/35659"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=35607"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=35607"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=35607"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}