With cyber-attacks dramatically on the rise, we must teach our healthcare teams how to stay safe

As we have been saying for some time at Saegis about the increasing threat of cyber-attacks, “The best defence against a security breach is a well-trained human defence.”

This key insight helped focus our team as we have worked with experts over many months to combat a particularly pernicious style of assault. Cyber-attacks have been increasing across all industries in recent years, and at an alarming rate across the healthcare industry since the onset of the COVID-19 pandemic. All of us across the healthcare community have a responsibility to act.

I have a solution to share with you. But first, a little background about the challenge we face.

An escalating threat
Cyber-attacks against Canadian healthcare organizations come in many shapes and sizes. They range from attacks against individual physicians to attacks against large healthcare institutions, some of which have resulted in the exposure of thousands of patient records. Even before the pandemic hit, privacy breaches were an increasing problem in healthcare. In 2019, for example, 48 percent of security breaches in Canada were in the healthcare space.[1]

When COVID-19 struck, cyber-attacks in the healthcare space spiked. In the last two months of 2020, attacks on hospitals and healthcare institutions worldwide increased 45 percent – more than double the increase across all industries. The dominant type of attack against healthcare organizations was ransomware, and Canada saw the biggest increase at 250 percent.[2]

Cyber criminals typically take advantage of untrained and unaware healthcare staff by using “phishing” scams. These types of scams exploit basic human psychology by tapping into fear, curiosity, and the desire to help – the latter quality being abundant among Canada’s healthcare professionals. Research tells us that 99 percent of malware requires human interaction to infect a user device.[3] Phishing scams usually trick recipients into clicking on a link or downloading an infected file.

Healthcare professionals have become more vulnerable
The pandemic has given rise to an ideal ecosystem for phishing attacks. The volume of communications sent to healthcare professionals has increased dramatically during the pandemic, virtual care has become much more prevalent, and healthcare professionals are far busier than in the “before times.” Meanwhile, COVID-19 provides a perfect cover for emails that are disguised as important notices but contain malicious links to fake websites impersonating official organizations.

The Canadian Centre for Cyber Security (CCCS) has identified more than 1,500 websites posing as Government of Canada COVID-19 pages – but that are actually designed to scam Canadians. The CCCS continues to warn Canada’s healthcare and medical research sector that they are of particular interest to cybercriminals.

What we can do to protect ourselves
While a modern and robust IT network can be highly effective at preventing some cyberattacks, technology is only one component of a strong cyber defense. A cybersecurity-aware “human line of defence” is also critical.

My organization, Saegis (a subsidiary of the Canadian Medical Protective Association), designed two free-of-charge e-learning modules focused on how cybersafe habits in the context of COVID-19 help healthcare professionals build a human line of defence against cyber-attacks. We further developed a comprehensive program, called Saegis Shield, with the unique needs of Canadian healthcare in mind. It helps healthcare professionals and teams working in this country understand the day-to-day risks of cyber-attacks and how better to avoid them.

All our e-learning content was developed with cybersecurity and privacy experts experienced in the perils of healthcare breaches. Saegis Shield can be used as a learning tool for all healthcare providers and staff at hospitals, clinics, and healthcare institutions – including clinic directors, administrators, managers, physicians, and nurses – about security issues and how to avoid breaches.

And it takes just one 15-minute module per week for healthcare professionals to develop cybersafe habits. Here are some highlights of the Saegis Shield program:

  • Learners start by completing an assessment that establishes a score for their cybersecurity knowledge and practices.
  • After the assessment, learners complete – at their own pace – a custom curriculum of online modules about cybersecurity best practices and privacy obligations.
  • Each module covers a critical topic, such as “email and patient health information” or “password security”.
  • The program includes monthly phishing challenges, which teach learners to spot malicious email messages.
  • Quarterly webinars allow learners to interact with cybersecurity and privacy experts and ask questions.
  • Learners are rewarded by seeing their score improve as they move through the program and complete training and phishing challenges.
  • Physicians can use this program to support their continuing professional development goals. The e-learning program is accredited by the College of Family Physicians of Canada for 30 Mainpro+ credits under “Assessment”, and by the Royal College of Physicians and Surgeons of Canada for 30 Section 3 credits.

I encourage you to take advantage of this affordable tool. If physicians and healthcare organizations can train themselves and their workers to spot and avoid malicious phishing emails, cyber-attacks could be greatly diminished in Canada. We owe it to our organizations and patients to safeguard the security of all our private information.

Please learn more out more about Saegis Shield and how it can help protect your healthcare team at https://saegis.solutions/shield/

Margaret Hanlon-Bell is the CEO of Saegis, a subsidiary of the Canadian Medical Protective Association. Saegis’ mission is to deliver high-impact programs and services that help all healthcare professionals perform at their best. Margaret has over 25 years of experience and demonstrated success as both a healthcare professional and a senior business leader in the healthcare sector within North America.

She has worked on international teams setting strategy that enabled organizational growth through the provision of products and services that helped to improve the delivery of healthcare. Margaret has sat on Boards of Directors both within healthcare companies and not-for-profit organizations. She currently sits as a Director on the Board of Parkinson Canada.

[1] Burke, D. CBC News. Hospitals “overwhelmed” by cyberattacks fuelled by black market.

[2] Solomon, Howard. IT World Canada. What to do before and after being hit by hackers.

[3] LPNet Security. More than 99% of cyberattacks rely on human interaction.