Share this page:

Cybersecurity


Security experts working in healthcare or health solution providers sharing knowledge, information, and resources to promote security in healthcare, and safeguard Canadians’ personal health information.
Members: 92
Contact: Robert Martin
Type: Open
Access: Public
Security experts working in healthcare or health solution providers sharing knowledge, information, and resources to promote security in healthcare, and safeguard Canadians’ personal health information.

About

Scope

Canada Health Infoway is working closely with the provinces and territories (P/Ts) in support of the accelerated deployment or scaling of virtual care solutions. COVID-19 has created the impetus for moving quickly to virtual care solutions. Now, more than ever, Canadians want virtual and digital health solutions that enhance access to care.

Among the key common requirements are the need for well defined Security policies and tools that can be readily adopted to ensure that the virtual care investments made across the country maintain the safety and security of Canadians’ health information.

What are the common challenges facing Cybersecurity leaders?

  • Healthcare organizations are "feeling” that cyber threats are increasing, and security is getting more complex. Healthcare providers are trying to keep up vs. focusing on delivery of patient care
  • As more applications are moving to cloud, healthcare organizations are assessing a multitude of cloud services and their security and privacy processes
  • There is a shortage of skilled cybersecurity experts to meet the workforce's needs, so leaders depend more on collaboration with others in their industry
  • COVID-19 had led to organizations dealing with security risks associated with a remote work force, and supporting patients without bringing them into the clinical setting
  • Service providers are challenged by differing security requirements across jurisdictions, even when implementing solutions with Pan-Canadian reach

Participation

This community welcomes participation by Security leaders from:

  • Healthcare delivery organizations
  • Members of Federal, Provincial and Territorial Governments (P/Ts), Jurisdictions,
  • Private sector digital health service and product vendors who wish to work with jurisdictions and health delivery organizations

Value Proposition

Canada Health Infoway can help enable health delivery organizations to share in economies of scale and private sector businesses to efficiently and effectively interact with health organizations across Canada.

  • Standard Security Requirements and evaluation criteria for use in procurement processes, including security architecture and testing requirements. (Targeting Summer 2021)
  • Templates for Security Policies and Standards - customizable for specific uses and shared with Participants as an open Cybersecurity resource. (Targeting Fall 2021)

Key Resources

The following is a directory of resources that are free or not-for-profit serving Cybersecurity in the Healthcare sector

Leader

Ann-Marie Westgate, Director of Security, Canada Health Infoway

Activity

Klei Hoxha replied to a discussion in Cybersecurity

Hi Anchal, Thank you for your inquiry! I would recommend following this link for more information: https://www.infoway-inforoute.ca/en/digital-health-initiatives/privacy-security/security-policy-templates. Hope this helps.

Erik Uittien replied to a discussion in Cybersecurity

I would add some other points to consider that may be relevant for dental clinics: - In some provinces, EMR/EHR have a mandatory certification to be used, and as part of that process, the vendors need to demonstrate yearly Pen-testing of their solution by a cybersecurity firm. This may involve different methods of testing : - - black box testing, where pentesters don't have access to the system and try to gain information - - grey box testing, where pentester know the internal architecture and try to find flaws - - white box testing, where they have access to the application or infra - Sometimes specialized instruments are not patched frequently since their certification process would need to be redone each time (this was the case for some laboratory equipment, and because of certifications they were "stuck" with a windows 95 OS). It's hard to mitigate, except trying to segregate in a subnet. - DICOM endpoints exposed : See this recent article https://www.healthcareitnews.com/news/thousands-medical-devices-and-systems-pose-iot-security-risk - Physical access : sometimes computers are left unsupervized and may permit to plus an USB drive to it, and same thing for ethernet ports. Both methods could be used to gain access to the network. USB drive support should be blocked and unused network ports should not be linked to the main network. pen-testing of a vendor's solution and pen-testing of a clinic's access (phyisical and network) are definitively something that can make them improve their security

Alexander Quaisie replied to a discussion in Cybersecurity

Thank you Foram and Katherine. These are some fascinating insights on cybersecurity in Healthcare that apply to different facets of patient care especially telemedicine where patients usually have a portal into their healthcare facility's EHR/EMR systems.

Alexander Quaisie joined a group

Cybersecurity Logo
Security experts working in healthcare or health solution providers sharing knowledge, information, and resources to promote security in healthcare, and safeguard Canadians’ personal health information.

Chisom Anuobi joined a group

Cybersecurity Logo
Security experts working in healthcare or health solution providers sharing knowledge, information, and resources to promote security in healthcare, and safeguard Canadians’ personal health information.

Saranya Mohanakrishnan joined a group

Cybersecurity Logo
Security experts working in healthcare or health solution providers sharing knowledge, information, and resources to promote security in healthcare, and safeguard Canadians’ personal health information.

mary olajide joined a group

Cybersecurity Logo
Security experts working in healthcare or health solution providers sharing knowledge, information, and resources to promote security in healthcare, and safeguard Canadians’ personal health information.

Events



Upcoming events:

No events

Forum

Cyber security issues in health clinic for physicians 10/17/24

Hi Anchal, Thank you for your inquiry! I would recommend following this link for more information: https://www.infoway-inforoute.ca/en/digital-health-initiatives/privacy-security/security-policy-templates. Hope this helps.

Cyber Security Issues in a Dental clinic 10/17/24

I would add some other points to consider that may be relevant for dental clinics: - In some provinces, EMR/EHR have a mandatory certification to be used, and as part of that process, the vendors need to demonstrate yearly Pen-testing of their s...

Cyber Security Issues in a Dental clinic 10/17/24

Thank you Foram and Katherine. These are some fascinating insights on cybersecurity in Healthcare that apply to different facets of patient care especially telemedicine where patients usually have a portal into their healthcare facility's EHR/EMR sys...

Cyber security issues in health clinic for physicians 10/16/24

Hello, I’m a Health Information Management student currently working on an assignment focused on the Physician clinic. I need assistance in identifying three major cybersecurity challenges that the Physician clinic faces and how these can be mitigate...

Cybersecurity issues in Health Clinic for Physiotherapists 10/15/24

Hi Komalpreet, Thank you for reaching out! Here is a link to a useful resource infoway has:https://www.infoway-inforoute.ca/en/digital-health-initiatives/privacy-security/security-policy-templates. Hope this helps.

Cybersecurity issues in Health Clinic for Physiotherapists 10/15/24

Hello, I’m a Health Information Management student currently working on an assignment focused on the Physiotherapy clinic. I need assistance in identifying three major cybersecurity challenges that the Physiotherapist clinic faces and how these can b...

Cybersecurity Issues in a Hospital Setting 10/15/24

Hi Praise, Thank you for reaching out! We provide some great resources that you can get by following the link here: https://www.infoway-inforoute.ca/en/digital-health-initiatives/privacy-security/security-policy-templates. I hope you will find thi...

Cyber Security Issues in a Dental clinic 10/15/24

Hi Katherine, Thank you for taking the time to provide your insights to the post.

Cyber Security Issues in a Dental clinic 10/14/24

Thank you Katherine for your response, this information is very helpful.

Cyber Security Issues in a Dental clinic 10/14/24

Hello Foram, The following might be helpful to consider: -Unpatched systems -Issues with passwords (ex. reuse, easy to guess, recording, lack of effective password manager, easy to train AI on rainbow tables, etc.) and lack of 2FA -Monopolizati...

Cyber Security Issues in a Dental clinic 10/14/24

Hello, I am a Health Information Management student working on an assignment related to dental clinics. I need help identifying three key cybersecurity issues in dental clinics. Could anyone please explain it can be mitigated? Also, what recommendati...

Cybersecurity Issues in a Hospital Setting 10/13/24

I am a Health Information Management student working on an assignment focused on cybersecurity issues in a hospital setting. Specifically, I'm looking to identify some of the key issues, explore their potential causes and consider strategies to mitig...

security risks in dental practices 10/12/24

Thank you somuch Klei. Those resources provided sufficient information. Ewelina

security risks in dental practices 10/11/24

Hi Ewelina, Thank you for providing more information. I am providing 2 resources that would be a good start in better understanding cybersecurity in dental practices: 1. https://www.oralhealthgroup.com/partner-contents/why-do-i-need-cybersecurity...

security risks in dental practices 10/11/24

Hi Klei, Thank you for your help. Our concerns are patient data breaches, ransomware attacks and lack of security to prevent such attacks. And if there is anything else that you may have seen yourself in the dental field in reference to cyberattacks...

Documents

Click Manage documents to:

  • view the complete list of documents or documents grouped by folder
  • upload a new document

Note: Group members are not currently notified when new documents are added. To notify others, you must post the URL to the new document in the forum. (Notification of document uploads is a feature in development.)

Manage documents You may need to login and/or be a member of the group to access this content.

Security Policies v1.0 - Second Open Review

Published on Sep 16, 2021 by Ann-Marie Westgate

Security Policies DRAFT v0.1

Published on Jun 28, 2021 by Ann-Marie Westgate

Video

This Group has no videos.

Members

Robert Martin
Picture of Robert Martin
Canada Health Infoway
OFFLINE
Contact
Ann-Marie Westgate
Picture of Ann-Marie Westgate
Canada Health Infoway
OFFLINE
Contact
Bijiteshwar Aayush
Picture of Bijiteshwar Aayush
Canada Health Infoway
OFFLINE
Admin
Alexander Quaisie
Picture of Alexander Quaisie
n/a
OFFLINE
Member
Chisom Anuobi
Picture of Chisom Anuobi
undefined
OFFLINE
Member
Saranya Mohanakrishnan
Picture of Saranya Mohanakrishnan
Fanshawe college
OFFLINE
Member
mary olajide
Picture of mary olajide
fanshawe college
OFFLINE
Member
Blessena Varghese
Picture of Blessena Varghese
undefined
OFFLINE
Member
Anchal Mottan
Picture of Anchal Mottan
clinic
OFFLINE
Member
Ted XU
Picture of Ted XU
n/a
OFFLINE
Member
Komalpreet Kaur
Picture of Komalpreet Kaur
clinic
OFFLINE
Member
Foram Patel
Picture of Foram Patel
Fanshawe College
OFFLINE
Member
Praise Chukwuazonim Olaosebikan
Picture of Praise Chukwuazonim Olaosebikan
Fanshawe College
OFFLINE
Member
Kyaw Htet Wynn
Picture of Kyaw Htet Wynn
n/a
OFFLINE
Member
Klei Hoxha
Picture of Klei Hoxha
Canada Health Infoway
OFFLINE
Member

InfoCentral logo

Improving the quality of patient care through the effective sharing of clinical information among health care organizations, clinicians and their patients.