The data breach of the Canadian laboratory testing company LifeLabs is one of “several wake-up calls” for security and privacy challenges that come with the push for a medical system in which eHealth plays a significant role.
“The medical field for us is one of the worst when it comes to cyber security practices,” said David Kennedy, cyber security expert and founder and CEO of TrustedSec, an information security consulting firm.
“What’s interesting about the large push for electronic patient health-care information that you put online is that a lot of these organizations are not designed to withstand attacks.”
Many health-care organizations and professionals are big advocates for eHealth. On its website, Heath Canada describes eHealth as “an essential element of health-care renewal,” which will “result in benefits to Canadians through improvements in system accessibility, quality and efficiency.”
The Electronic Health Record, for example, allows the sharing of necessary information between care providers across medical disciplines and institutions.
But on Monday, LifeLabs — Canada’s largest provider of general diagnostic and specialty laboratory testing services — announced that a cyberattack on its computer systems had forced the company to pay a ransom to retrieve the sensitive information of millions of customers.
LifeLabs president Charles Brown wrote that information related to about 15 million customers, mainly in British Columbia and Ontario, may have been accessed during the breach.
LifeLabs announced that a cyberattack on its computer systems had forced the company to pay a ransom to retrieve the sensitive information of millions of customers. (Cultura RF/Getty Images)
Meanwhile, in Alberta, breaches have included the disappearance of an unencrypted hard drive containing the personal health information of 650 patients at the Mazankowski Alberta Heart Institute in August, and the inappropriate access of 2,158 electronic health records by Alberta Public Laboratories staff at the Red Deer Regional Hospital Centre earlier this year.
“We’ve probably had several wake-up calls, but it still seems like lots of folks are asleep at the wheel,” said Beau Woods, a cyber safety innovation fellow with the U.S. think-tank Atlantic Council.
Woods suggested it was troubling that Brown didn’t know whether or not the LifeLabs records were encrypted.
“Whether or not encrypted records would have protected the data in this case is to be seen,” he said. “The fact that the CEO, even after probably talking to IT can’t say whether the records are encrypted, says that there’s some kind of fundamental breakdown in governance.”
Hackers like to target hospitals and medical facilities, which are often on very tight IT budgets, said David Masson,director of enterprise security for Darktrace, a cyber AI company.
“They know they’ll be struggling to actually secure their IT networks. So they will see them as easy targets. And that’s why they go after them,” Masson said.
So security usually falls by the wayside in many cases for most organizations. Security ends up being a very small percentage if any in most hospitals, most health-care providers.– David Kennedy, founder and CEO of TrustedSec
One of the problems is that medical institutions see themselves solely as health-care providers, meaning IT security doesn’t get the focus it needs, TrustedSec’s Kennedy said.
“So security usually falls by the wayside in many cases for most organizations. Security ends up being a very small percentage if any in most hospitals, most health-care providers that we see out there today.”
Tom Keenan, a University of Calgary professor who specializes in cyber security and researched the issue of electronic health records, saidnot all hospitals are lax when it comes to IT security, and that it varies across Canada how well hospitals treat the issue.
While human error is often the weakest link, another factor, he said, is that people who build these systems also sell optional extras for security.
‘Take extra measures’
In one particular case he studied, the people who ran the health authority knew they had vulnerabilities and bought an extra auditing package, but never installed it.
“We can take extra measures,” he said. “We need to tighten things up.“
Despite the security issues, Keenan said there’s no need to pause when it comes to the push for eHealth, but just beef up security.
“We don’t want to slow it down. If anything, we want to speed it up,” he said. “Full steam ahead but with due regard to caution.”
“I trust my lab, but I would also like them to publish periodically [that they’ve] been audited by a third-party cyber security company.“
There’s a lot of cyber hygiene things that you could do that aren’t expensive — that actually can be less costly than not doing them.– Beau Woods, cyber security expert
As well, medical facilities should hire cyber security firms to conduct penetration tests, to determine the vulnerability of their system, he said.
Woods, the cyber security expert, said there are some simple remedies for medical facilities, like updating their software or having multi-factor authentication.
“There’s a lot of cyber hygiene things that you could do that aren’t expensive — that actually can be less costly than not doing them,” he said. “Not looking at cost of breaches and things like that, just operationally less costly and more secure.”
University of Calgary Prof. Tom Keenan says not all hospitals are lax when it comes to IT security, and that it varies across Canada how well hospitals treat the issue. (Kate Adach/CBC)
Sandy Buchman, president of the Canadian Medical Association, said he believes in terms of the human component of security, hospitals are making “extreme efforts” to protect patient privacy.
‘Breaks down trust’
But he said he understands how incidents like the LifeLabs data breach can shake a patient’s trust.
“It could be something way beyond a physician or hospital’s control, like these cyberattacks that are occurring, but it still breaks down trust in the overall system.
The medical community has to be diligent and press for the improvements needed in the security of personal health information, he said.
“We have to be better as a health-care community in demanding that. I’m not a cyber security expert. I know we can’t let off the pressure — to be pressing for this at all times in whatever ways are technologically possible.”
Netflix on Thursday reported that its subscriber growth slowed dramatically during the summer, a sign the huge gains from the video-streaming service’s crackdown on freeloading viewers is tapering off.
The 5.1 million subscribers that Netflix added during the July-September period represented a 42% decline from the total gained during the same time last year. Even so, the company’s revenue and profit rose at a faster pace than analysts had projected, according to FactSet Research.
Netflix ended September with 282.7 million worldwide subscribers — far more than any other streaming service.
The Los Gatos, California, company earned $2.36 billion, or $5.40 per share, a 41% increase from the same time last year. Revenue climbed 15% from a year ago to $9.82 billion. Netflix management predicted the company’s revenue will rise at the same 15% year-over-year pace during the October-December period, slightly than better than analysts have been expecting.
The strong financial performance in the past quarter coupled with the upbeat forecast eclipsed any worries about slowing subscriber growth. Netflix’s stock price surged nearly 4% in extended trading after the numbers came out, building upon a more than 40% increase in the company’s shares so far this year.
The past quarter’s subscriber gains were the lowest posted in any three-month period since the beginning of last year. That drop-off indicates Netflix is shifting to a new phase after reaping the benefits from a ban on the once-rampant practice of sharing account passwords that enabled an estimated 100 million people watch its popular service without paying for it.
The crackdown, triggered by a rare loss of subscribers coming out of the pandemic in 2022, helped Netflix add 57 million subscribers from June 2022 through this June — an average of more than 7 million per quarter, while many of its industry rivals have been struggling as households curbed their discretionary spending.
Netflix’s gains also were propelled by a low-priced version of its service that included commercials for the first time in its history. The company still is only getting a small fraction of its revenue from the 2-year-old advertising push, but Netflix is intensifying its focus on that segment of its business to help boost its profits.
In a letter to shareholder, Netflix reiterated previous cautionary notes about its expansion into advertising, though the low-priced option including commercials has become its fastest growing segment.
“We have much more work to do improving our offering for advertisers, which will be a priority over the next few years,” Netflix management wrote in the letter.
As part of its evolution, Netflix has been increasingly supplementing its lineup of scripted TV series and movies with live programming, such as a Labor Day spectacle featuring renowned glutton Joey Chestnut setting a world record for gorging on hot dogs in a showdown with his longtime nemesis Takeru Kobayashi.
Netflix will be trying to attract more viewer during the current quarter with a Nov. 15 fight pitting former heavyweight champion Mike Tyson against Jake Paul, a YouTube sensation turned boxer, and two National Football League games on Christmas Day.
All orders are protected by SSL encryption – the highest industry standard for online security from trusted vendors.
All Magic Spells (TM) : Top Converting Magic Spell eCommerce Store is backed with a 60 Day No Questions Asked Money Back Guarantee. If within the first 60 days of receipt you are not satisfied with Wake Up Lean™, you can request a refund by sending an email to the address given inside the product and we will immediately refund your entire purchase price, with no questions asked.
All orders are protected by SSL encryption – the highest industry standard for online security from trusted vendors.
CPC Practice Exam is backed with a 60 Day No Questions Asked Money Back Guarantee. If within the first 60 days of receipt you are not satisfied with Wake Up Lean™, you can request a refund by sending an email to the address given inside the product and we will immediately refund your entire purchase price, with no questions asked.
