Dr. Eric Cadesky and Stan Shaw: Your personal health data is pirates' gold. Here’s how we can protect it
Credit to Author: Hardip Johal| Date: Thu, 30 Jan 2020 02:05:26 +0000
In the story of the “kindly” mugger, he points a gun at his victim and says, “Keep your family pictures, just give me the money.”
Today’s thieves may as well tell you: “Keep your banking numbers, just give me your health data.”
This reality hit home with the news that more than one in three Canadians was affected by the recent hack of LifeLabs. Human nature is to follow the money, and these digital bandits knew where the gold is kept for 15 million Canadians — one of the biggest security breaches in Canadian history. They have become aware that data about our health information is considerably more valuable than that of our finances.
The attack on LifeLabs is just one example worldwide where health data was stolen and then either sold or held for ransom.
In 2017, WannaCry ransomware affected hundreds of organizations in the British National Health Service. One year later, a hack of the Singapore health database threatened the privacy of more than 1.5 million people, including Prime Minister Lee Hsien Loong.
Closer to home, a recent attack on the Nunavut government severely disrupted health and other government services. Even just within Canada, recent hacks of Saskatchewan eHealth, three Ontario hospitals and a community home-care provider in Halifax show that organizations of every size are at risk.
These are not random events. They are targeted strikes that are part of a growing and disturbing trend. In some cases the organizations, including LifeLabs, paid a ransom in order to recover their data. But payment is no guarantee of data recovery. Even if a ransom is paid, personal records may still be leaked to the Internet.
So what is being done in the face of these rapidly evolving and increasingly sophisticated threats? To start, an ounce of prevention is worth a zettabyte of cure — and the only certain way to protect health information.
In British Columbia there is recognition that medical clinics are at risk. The sensitive personal medical information they keep is as valuable to hackers as those found in hospitals and medical laboratories.
Doctors work hard not only to ensure the best health for our patients, but to protect them as well. Electronic medical records often use secure Private Physician Networks funded by the Provincial Health Services Authority and have servers stored and backed up with high levels of protection.
The Doctors Technology Office (DTO) is funded by the General Practice Services Committee, a joint venture between Doctors of B.C. and the provincial government, and brings IT security directly to clinics and hospitals. DTO publishes a privacy toolkit, provides on-site security assessments and has partnered with UBC to offer online cybersecurity education. As a result, many doctors use encrypted USB keys and data transfer devices when sending sensitive patient information. Local action has seen teams create inventories of electronic assets and implement firewalls and anti-virus software. And just as a chain is as strong as its weakest link, training helps medical staff create and improve behaviour such as password creation and protection.
In order to meet future threats, we need to see more of these partnerships between clinicians, industry and government. Such efforts are successful because they engage health-care professionals and bring solutions to clinical spaces rather than taking doctors away from patient care and asking them to perform more administrative tasks. As in health care itself, cyber protection is a field where everyone can practise to their scope.
Finally, scaling these solutions is an opportunity for co-ordination between federal and provincial governments to provide leadership and support on the digital health file. Because as our system becomes more digitized through electronic medical records, monitors and apps, we are increasing dependent on technology that has hackers searching for their pirates’ gold. Now is the time to ensure that future attacks are not harmful to the health and well-being of our patients.
Dr. Eric Cadesky, MD CM, is a full-service family physician in Vancouver. Dr. Stan Shaw, PhD, is the founder of Corban Technology Solutions, a health-care privacy and security consultancy firm in Vancouver.
CLICK HERE to report a typo.
Is there more to this story? We’d like to hear from you about this or any other stories you think we should know about. Email vantips@postmedia.com.