Connect with us

Business

LifeLabs cyberattack one of 'several wake-up calls' for eHealth security and privacy – CBC.ca

Published

 on


The data breach of the Canadian laboratory testing company LifeLabs is one of “several wake-up calls” for security and privacy challenges that come with the push for a medical system in which eHealth plays a significant role.

“The medical field for us is one of the worst when it comes to cyber security practices,” said David Kennedy, cyber security expert and founder and CEO of TrustedSec, an information security consulting firm.

“What’s interesting about the large push for electronic patient health-care information that you put online is that a lot of these organizations are not designed to withstand attacks.”

Many health-care organizations and professionals are big advocates for eHealth. On its website, Heath Canada describes eHealth as “an essential element of health-care renewal,” which will “result in benefits to Canadians through improvements in system accessibility, quality and efficiency.”

The Electronic Health Record, for example, allows the sharing of necessary information between care providers across medical disciplines and institutions. 

But on Monday, LifeLabs — Canada’s largest provider of general diagnostic and specialty laboratory testing services — announced that a cyberattack on its computer systems had forced the company to pay a ransom to retrieve the sensitive information of millions of customers.

LifeLabs president Charles Brown wrote that information related to about 15 million customers, mainly in British Columbia and Ontario, may have been accessed during the breach.

LifeLabs announced that a cyberattack on its computer systems had forced the company to pay a ransom to retrieve the sensitive information of millions of customers. (Cultura RF/Getty Images)

Other security breaches

And that attack was just the most recent breach in Canada. Just months ago, hackers crippled the computer systems of three Ontario hospitals. 

Meanwhile, in Alberta, breaches have included the disappearance of an unencrypted hard drive containing the personal health information of 650 patients at the Mazankowski Alberta Heart Institute in August, and the inappropriate access of 2,158 electronic health records by Alberta Public Laboratories staff at the Red Deer Regional Hospital Centre earlier this year.    

We’ve probably had several wake-up calls, but it still seems like lots of folks are asleep at the wheel,” said Beau Woods, a cyber safety innovation fellow with the U.S. think-tank Atlantic Council.

Woods suggested it was troubling that Brown didn’t know whether or not the LifeLabs records were encrypted.

“Whether or not encrypted records would have protected the data in this case is to be seen,” he said. “The fact that the CEO, even after probably talking to IT can’t say whether the records are encrypted, says that there’s some kind of fundamental breakdown in governance.”

Hackers like to target hospitals and medical facilities, which are often on very tight IT budgets, said David Masson, director of enterprise security for Darktrace, a cyber AI company.

“They know they’ll be struggling to actually secure their IT networks. So they will see them as easy targets. And that’s why they go after them,” Masson said. 

So security usually falls by the wayside in many cases for most organizations. Security ends up being a very small percentage if any in most hospitals, most health-care providers.– David Kennedy, founder and CEO of TrustedSec

One of the problems is that medical institutions see themselves solely as health-care providers, meaning IT security doesn’t get the focus it needs, TrustedSec’s Kennedy said. 

“So security usually falls by the wayside in many cases for most organizations. Security ends up being a very small percentage if any in most hospitals, most health-care providers that we see out there today.”

Tom Keenan, a University of Calgary professor who specializes in cyber security and researched the issue of electronic health records, said not all hospitals are lax when it comes to IT security, and that it varies across Canada how well hospitals treat the issue.

While human error is often the weakest link, another factor, he said, is that people who build these systems also sell optional extras for security.

‘Take extra measures’

In one particular case he studied, the people who ran the health authority knew they had vulnerabilities and bought an extra auditing package, but never installed it.

“We can take extra measures,” he said. “We need to tighten things up.

Despite the security issues, Keenan said there’s no need to pause when it comes to the push for eHealth, but just beef up security.

“We don’t want to slow it down. If anything, we want to speed it up,” he said. “Full steam ahead but with due regard to caution.”

“I trust my lab, but I would also like them to publish periodically [that they’ve] been audited by a third-party cyber security company.

There’s a lot of cyber hygiene things that you could do that aren’t expensive — that actually can be less costly than not doing them.– Beau Woods, cyber security expert

As well, medical facilities should hire cyber security firms to conduct penetration tests, to determine the vulnerability of their system, he said.

Woods, the cyber security expert, said there are some simple remedies for medical facilities, like updating their software or having multi-factor authentication.

“There’s a lot of cyber hygiene things that you could do that aren’t expensive — that actually can be less costly than not doing them,” he said. “Not looking at cost of breaches and things like that, just operationally less costly and more secure.”

University of Calgary Prof. Tom Keenan says not all hospitals are lax when it comes to IT security, and that it varies across Canada how well hospitals treat the issue. (Kate Adach/CBC)

Sandy Buchman, president of the Canadian Medical Association, said he believes in terms of the human component of security, hospitals are making “extreme efforts” to protect patient privacy.

‘Breaks down trust’

But he said he understands how incidents like the LifeLabs data breach can shake a patient’s trust. 

“It could be something way beyond a physician or hospital’s control, like these cyberattacks that are occurring, but it still breaks down trust in the overall system.

The medical community has to be diligent and press for the improvements needed in the security of personal health information, he said.

“We have to be better as a health-care community in demanding that. I’m not a cyber security expert. I know we can’t let off the pressure — to be pressing for this at all times in whatever ways are technologically possible.”

Let’s block ads! (Why?)

728x90x4

Source link

Business

Climate-related extreme weather puts oil and gas assets, production at risk – Canada News – Castanet.net

Published

 on


[unable to retrieve full-text content]

Climate-related extreme weather puts oil and gas assets, production at risk – Canada News  Castanet.netView Full Coverage on Google News

728x90x4

Source link

Continue Reading

Business

LCBO strike over after company, union settle last-minute dispute to finalize tentative deal – Toronto Star

Published

 on


[unable to retrieve full-text content]

  1. LCBO strike over after company, union settle last-minute dispute to finalize tentative deal  Toronto Star
  2. CTV National News: End of a dry July  CTV News
  3. LCBO strike ends: 10,000 unionized employees back to work Monday, stores opening Tuesday  National Post
  4. LCBO strike to end with stores set to reopen Tuesday  CBC.ca
  5. LCBO confirms strike over, stores to reopen Tuesday after deal was put on hold  Ottawa Citizen

728x90x4

Source link

Continue Reading

Business

Half of Ontarians support union’s goals in ongoing LCBO strike: poll

Published

 on

Fewer than one-third of Ontarians say they want the provincial government to intervene to end the 12-day strike at Ontario’s main liquor retailer, while about half are supportive of the striking union’s demands.

That’s according to a new Leger poll that asked if the government should use binding arbitration or legislation to ensure LCBO stores open as soon as possible.

Twenty-nine per cent of respondents supported such a move, while 44 per cent opposed it. The poll also asked if respondents support the union’s stated goals, including wage increases and more permanent positions. Just under half, 49 per cent, answered in the affirmative, while 25 per cent said they were not supportive.

Awareness of the strike in Ontario is high, according to the poll, with 89 per cent saying they knew about it, though only 15 per cent reported being personally affected. The Leger poll of 601 residents, conducted last weekend, can’t be assigned a margin of error because online surveys are not considered truly random samples.

Approximately 10,000 workers at the LCBO walked off the job on July 5 after negotiations broke down.

The union representing the workers said the sides were headed back to the bargaining table Wednesday.

The Ontario Public Service Employees Union has said the main issue is the province’s alcohol expansion plans that would see ready-to-drink cocktails sold outside LCBO stores — a move it maintains poses an existential threat to the LCBO and could lead to major job losses.

Colleen MacLeod, chair of the union’s LCBO bargaining unit, has said the plan would “mean thousands of lost jobs, fewer hours for the 70 per cent of LCBO retail workers who are casual and struggling to make ends meet, and hundreds of millions in dollars of lost public revenues drained from health care, education and infrastructure.”

The LCBO, a Crown corporation, nets the province $2.5 billion a year.

On Monday, the Ontario government sped up its expansion plan. The 450 stores across Ontario already licensed to sell beer, wine and ciders will be able to start ordering coolers and seltzers on Thursday and sell them as soon as they arrive.

The province has said it does not want to privatize the LCBO, and that the expansion is about giving people more choice and more convenience to buy alcohol.

Stephanie Ross, an associate professor in the school of labour studies at McMaster University, said Premier Doug Ford doesn’t have a great reputation when it comes to labour, given the high-profile disputes in recent years with health-care and education workers. And he’s faced accusations of making policy moves that benefit friends in the private sector, a criticism that’s been levied against him in the LCBO dispute.

“There is a base of support for the union’s message here, both in terms of the working conditions that they’re trying to fight to improve, and in terms of the role that the LCBO plays in funding public services in the province,” she said.

But the public may not be as sympathetic to LCBO workers as it has been to some others, like in the Metro grocery workers’ strike last year, she said — a relatively straightforward fight by low-paid workers struggling to afford food against the industry being partially blamed for food prices.

“And so in the depths of a kind of historic cost-of-living crisis, I think it was easier to feel sympathy for such workers in terms of really having to fight to make up lost ground.”

That means the LCBO union has its work cut out to try and convince the public of its cause, said Ross, especially when consumers are already divided on the liquor privatization issue in the first place. She thinks the union is doing a good job, however, of arguing the case for the LCBO as a public asset that helps fund important public services.

Larry Savage, a professor in the labour studies department at Brock University, said it’s clear both the union and the Ford government “are working hard to win over the public to their respective positions.”

The union has a “potentially powerful strategy” to gain public support, but it’s not a surefire one, he said in an email.

This strategy “requires people to connect the dots between the privatization of the LCBO and the loss of a critical revenue stream that contributes billions to public services like health care and education.”

Meanwhile, the government’s strategy has been to try and leverage consumer frustration over the strike in order to drive more support for increased privatization, said Savage.

“It’s a high-risk strategy because a heavy-handed approach can sometimes backfire and garner greater sympathy for the workers and their cause.”

In the Leger poll, 32 per cent of respondents said they looked for alternative locations to buy alcohol due to the strike, and while 15 per cent said they were concerned the strike could cause them to spend more money on alcohol.

Savage said while many consumers are likely inconvenienced, he also thinks most Ontarians are suspicious of the premier’s intentions when it comes to the LCBO: “It’s a classic case of private profits over the public good.”

This report by The Canadian Press was first published July 17, 2024.

 

728x90x4

Source link

Continue Reading

Trending