LifeLabs cyberattack one of 'several wake-up calls' for eHealth security and privacy



The data breach of the Canadian laboratory testing company LifeLabs is one of “several wake-up calls” for security and privacy challenges that come with the push for a medical system in which eHealth plays a significant role.

“The medical field for us is one of the worst when it comes to cyber security practices,” said David Kennedy, cyber security expert and founder and CEO of TrustedSec, an information security consulting firm.

“What’s interesting about the large push for electronic patient health-care information that you put online is that a lot of these organizations are not designed to withstand attacks.”

Many health-care organizations and professionals are big advocates for eHealth. On its website, Health Canada describes eHealth as “an essential element of health-care renewal,” which will “result in benefits to Canadians through improvements in system accessibility, quality and efficiency.”

The Electronic Health Record, for example, allows the sharing of necessary information between care providers across medical disciplines and institutions. 

But on Monday, LifeLabs — Canada’s largest provider of general diagnostic and specialty laboratory testing services — announced that a cyberattack on its computer systems had forced the company to pay a ransom to retrieve the sensitive information of millions of customers.

LifeLabs president Charles Brown wrote that information related to about 15 million customers, mainly in British Columbia and Ontario, may have been accessed during the breach.


Other security breaches

And that attack was just the most recent breach in Canada. Just months ago, hackers crippled the computer systems of three Ontario hospitals. 

Meanwhile, in Alberta, breaches have included the disappearance of an unencrypted hard drive containing the personal health information of 650 patients at the Mazankowski Alberta Heart Institute in August, and the inappropriate access of 2,158 electronic health records by Alberta Public Laboratories staff at the Red Deer Regional Hospital Centre earlier this year.    

“We’ve probably had several wake-up calls, but it still seems like lots of folks are asleep at the wheel,” said Beau Woods, a cyber safety innovation fellow with the U.S. think-tank Atlantic Council.

Woods suggested it was troubling that Brown didn’t know whether or not the LifeLabs records were encrypted.

“Whether or not encrypted records would have protected the data in this case is to be seen,” he said. “The fact that the CEO, even after probably talking to IT can’t say whether the records are encrypted, says that there’s some kind of fundamental breakdown in governance.”

Hackers like to target hospitals and medical facilities, which are often on very tight IT budgets, said David Masson, director of enterprise security for Darktrace, a cyber AI company.

“They know they’ll be struggling to actually secure their IT networks. So they will see them as easy targets. And that’s why they go after them,” Masson said. 


One of the problems is that medical institutions see themselves solely as health-care providers, meaning IT security doesn’t get the focus it needs, TrustedSec’s Kennedy said. 

“So security usually falls by the wayside in many cases for most organizations. Security ends up being a very small percentage if any in most hospitals, most health-care providers that we see out there today.”

Tom Keenan, a University of Calgary professor who specializes in cyber security and researched the issue of electronic health records, said not all hospitals are lax when it comes to IT security, and that it varies across Canada how well hospitals treat the issue.

While human error is often the weakest link, another factor, he said, is that people who build these systems also sell optional extras for security.

‘Take extra measures’

In one particular case he studied, the people who ran the health authority knew they had vulnerabilities and bought an extra auditing package, but never installed it.

“We can take extra measures,” he said. “We need to tighten things up.”

Despite the security issues, Keenan said there’s no need to pause the push for eHealth, just to beef up security.

“We don’t want to slow it down. If anything, we want to speed it up,” he said. “Full steam ahead but with due regard to caution.”

“I trust my lab, but I would also like them to publish periodically [that they’ve] been audited by a third-party cyber security company.”


As well, medical facilities should hire cyber security firms to conduct penetration tests, to determine the vulnerability of their system, he said.

Woods, the cyber security expert, said there are some simple remedies for medical facilities, like updating their software or having multi-factor authentication.

“There’s a lot of cyber hygiene things that you could do that aren’t expensive — that actually can be less costly than not doing them,” he said. “Not looking at cost of breaches and things like that, just operationally less costly and more secure.”


Sandy Buchman, president of the Canadian Medical Association, said he believes in terms of the human component of security, hospitals are making “extreme efforts” to protect patient privacy.

‘Breaks down trust’

But he said he understands how incidents like the LifeLabs data breach can shake a patient’s trust. 

“It could be something way beyond a physician or hospital’s control, like these cyberattacks that are occurring, but it still breaks down trust in the overall system.”

The medical community has to be diligent and press for the improvements needed in the security of personal health information, he said.

“We have to be better as a health-care community in demanding that. I’m not a cyber security expert. I know we can’t let off the pressure — to be pressing for this at all times in whatever ways are technologically possible.”



Facebook’s Zuckerberg lays out ‘metaverse’ vision at developers event



Facebook Inc CEO Mark Zuckerberg said privacy and safety would need to be built into the metaverse, as he opened the company’s annual conference on virtual and augmented reality on Thursday.

Facebook continues to battle criticism over its market power, its content moderation practices and harms linked to its social media platforms. The tech giant, which reports about 2.9 billion monthly users, has faced increasing scrutiny in recent years from global lawmakers and regulators.

In the latest controversy, whistleblower and former Facebook employee Frances Haugen leaked documents which she said showed the company chose profit over user safety. Zuckerberg earlier this week said the documents were being used to paint a “false picture.”

The metaverse, a term first coined in a dystopian novel three decades ago and now attracting buzz in Silicon Valley, refers broadly to the idea of a shared virtual environment which can be accessed by people using different devices.

Zuckerberg has increasingly been promoting the idea of Facebook, which has invested heavily in augmented and virtual reality, as a “metaverse” company rather than a social media one.

The CEO, speaking during the live-streamed Facebook Connect event, gave examples of privacy and safety controls that would be needed in the metaverse, such as the ability to block someone from appearing in your space. Zuckerberg is betting that the metaverse will be the next big computing platform, calling it “the successor to the mobile internet.”

The whistleblower documents, which were first reported by the Wall Street Journal, show internal research and employee discussions on Instagram’s effects on the mental health of teens and whether Facebook stokes divisions, as well as its handling of activity around the Jan. 6 Capitol riot and inconsistencies in content moderation for users around the globe.

The company gave a slew of updates for its VR and AR products. It said it would this year launch a way for people using its Oculus VR headset to call friends using Facebook Messenger and for people to invite others to a social version of their home, dubbed “Horizon Home,” to talk and play games as avatars.

Facebook also said it would introduce a way for Oculus Quest users to use different 2D apps like Slack, Dropbox and Facebook while in this “Horizon Home” VR space.

The company, which began a beta test of its virtual meeting spaces “Horizon Workrooms” earlier this year, said it was working on ways of customizing these with company logos and designs and said it would be bringing more work capabilities into consumer Quest devices. It also announced new fitness offerings for Oculus Quest users.

Facebook said this week that its hardware division Facebook Reality Labs, which is responsible for AR and VR efforts, would become a separate reporting unit and that its investment in it would reduce this year’s total operating profit by about $10 billion.

This year, Facebook created a product team focused on the metaverse and it recently announced plans to hire 10,000 employees in Europe over the next five years to work on the effort.

Facebook also said it would run a $150 million education program aimed at helping AR and VR creators and developers.

(Reporting by Elizabeth Culliford in New York and Sheila Dang in Dallas; Editing by Matthew Lewis)



Shopify’s revenue rises in run-up to key holiday season; shares up



Canadian e-commerce giant Shopify Inc reported a 46% rise in quarterly revenue as consumer spending “normalizes” after a year of a pandemic-fueled online shopping frenzy, sending its shares up 9%.

The widespread shift to e-commerce at the height of the pandemic had brought a wave of new business to Shopify, which provides infrastructure for retailers to set up their stores online and generates revenue mainly through subscriptions and merchant services.

However, on a call with analysts, Shopify executives flagged “pressures in supply chain” for the key holiday shopping season.

Companies across the globe have sounded alarm bells on supply issues that have pushed costs higher and made some products scarce.

Shopify raked in billions of dollars over the past year, growing quarterly revenue by over 90% in four of the last six quarters.

It has been able to maintain a healthy growth rate even as people stepped out of their homes and bigger rivals like Inc bolster their offerings to retain customers.

“The strength of Shopify’s flywheel was on display within the more normalized spending environment we saw this past quarter, as more merchants used more of our platform to start and grow their businesses,” said Shopify’s finance chief, Amy Shapero.

The company’s subscription solutions revenue jumped by 37% to $336.2 million in the quarter ended Sept. 30.

Analysts are optimistic about Shopify’s business model, which is driven primarily by mom-and-pop stores.

“Shopify was a high-growth company long before COVID, and it’s going to be a high-growth company after the pandemic tailwinds fade,” said Samad Samana, analyst at Jefferies.

The company’s total revenue was $1.12 billion, narrowly missing expectations of $1.14 billion, according to Refinitiv data. Its adjusted profit of 81 cents per share also came in below an estimate of $1.18.

(Reporting by Richard Rohan Francis and Eva Mathews in Bengaluru; Editing by Krishna Chandra Eluri, Saumyadeb Chakrabarty and Maju Samuel)
