October 2024


A Message from:
Lyn Baluyot, CEO

Cybersecurity Awareness Month


October marks a year since the cyberattack that affected TransForm and our hospital partners. The journey since then has been one of growth, resilience, and unwavering determination.


Our team has demonstrated incredible dedication in continuing to best serve our member hospitals, our community partners and our region.


I have immense respect for how our team has come together in the face of adversity, working around the clock to ensure our systems were restored swiftly. This collective effort is a testament to our organization’s strength and ability to overcome challenges, while maintaining the high standard of service that our partners and communities rely on.


This past year has taught us valuable lessons that have shaped our strategic direction moving forward. We are stronger, more resilient, and better equipped to safeguard our operations and the critical healthcare services we support.


As we mark Cybersecurity Awareness Month, it’s important to reflect on the steps we’ve taken to enhance our security posture and ensure we remain vigilant against evolving threats. We are continually refining our approach to security and ensuring that our team is prepared and empowered to defend against potential risks.


Our ongoing initiatives emphasize the importance of a proactive and comprehensive approach to cybersecurity. Everyone across our network plays a crucial role in protecting the systems and data that are vital to our operations.


As we observe one year since the incident, I am incredibly proud of how far we’ve come. Our collective efforts have made us stronger, and we will continue to build on this foundation to ensure we remain secure and resilient in the future.


Cybersecurity is a team effort, and I’m confident that our continued focus on collaboration and vigilance will keep TransForm, our member hospitals and community partners moving forward.


Lyn

Annual Report 2023 - 2024 & New Corporate Video

We are excited to announce the release of our 2023-2024 Annual Report. To learn more, make sure to check out the report here


We're also thrilled to share our new corporate video, which showcases our organization’s vision, goals, and commitment to delivering service excellence to our hospitals, healthcare partners and region. This video reflects who we are today and where we’re headed. Watch it here.

Sustainability Initiative: Refreshed eWaste Program

We’re pleased to share an exciting development in our eWaste management efforts. In just the last three weeks, we’ve had two major wins with our hospital partners. At Windsor Regional Hospital's Met Campus, we conducted a large-scale eWaste removal and an on-site cleanup. At Erie Shores HealthCare (ESHC), we completed a similar eWaste unload and cleanup. In collaboration with ESHC’s tech and facilities teams, we worked tirelessly to clear the Phone Room, IT Closet and the 3rd Floor IT area. Additionally, we assisted the Diagnostic Imaging team in disposing of a large, obsolete cabinet, ensuring no data-bearing hard drives were compromised.


Much like our previous initiatives at Windsor Regional, we organized a "housekeeping day" at ESHC, with members from TransForm's IT Infrastructure and Tech teams.


With great feedback from ESHC’s Facilities and Tech Support teams, this initiative is not only highly valuable to our partners but also efficient and effective in safely disposing eWaste.


We're proud to continue improving our eWaste management across our facilities, contributing to a cleaner, greener future.

Initiative: Cybersecurity Awareness

Throughout Cybersecurity Awareness Month, our Security and Privacy Team is offering valuable tips and tricks to help staff safeguard sensitive data and stay informed about common cyber threats. Eric Graham, Security Analyst with the Security and Privacy Team, explained how critical it is to be aware of methods hackers may use to access your computer and how to safeguard against it.



Can you describe the initiative and how this came about?

Cybersecurity is critically important to protecting sensitive data, not just in our work with the region’s hospitals and community health care partners, but in our personal lives as well. Protecting data from malicious actors requires a collective effort on all our parts to be aware of the tactics used and be vigilant in detecting and reporting them. We have implemented the Report Suspicious button for inbound emails and are very encouraged by the increase in percentage of staff detecting and reporting suspicious emails. Known as phishing scams, cybercriminals use email, SMS messaging, text and phone calls to attempt to trick you into giving them information by clicking on a fake link, giving log-in information by pretending to be IT support or by a “colleague” making an urgent request for documents, for example – all designed to gain access to data. 

 

Who worked on this project?

The Cybersecurity team at TransForm is continuously conducting phishing campaigns to ensure staff are aware of the different types of emails they may see from cyber criminals, from fake URLs such www.micrasoft.com made to look very close to the real URL of the company, to fake requests from IT or Human Resources to “confirm” personal information.

 

What are some of the ways users can protect themselves from phishing tactics?

There are some essential aspects of cybersecurity awareness, vigilance and education that everyone can use as a daily practice. Human error is the main factor in security breaches and cybercriminals use this fact to create increasingly sophisticated methods to trick users. This is referred to as Social Engineering. It is vitally important to: avoid clicking links from an unknown or unexpected source, double-check URLs before entering personal information, use strong passwords, use multi-factor authentication (MFA), always read security updates and alerts and report any suspicious emails or activity. It is important to trust but verify websites, email addresses, requests for documents, cold calls asking for information or any other attempt to elicit personal information. 


What are the challenges with ensuring cybersecurity awareness?

With the continually sophisticated methods cybercriminals use to try and access data, it means we have to be more vigilant than ever to spot these attempts. For instance, cybercriminals recently used a method of bombarding users with MFA requests in the hope that they will eventually wear them down and get them to authenticate the log-in attempt just to stop the notifications. This is called MFA Fatigue and any attempts to log-in that you did not initiate should be reported immediately. Remember it is okay to deny authentication requests and not get into the habit of selecting “Approve” when prompted. Ensuring all users understand the critical importance of being aware of and reporting suspicious activity is a continuous process of education and training.

 

Anything else you would like to share?

Cybersecurity is all of our responsibility and by following the best practices guidelines and training provided, and remaining vigilant, users can significantly reduce the risk of falling victim to cyberattacks and help protect your personal data. This in turn, protects us, our hospitals and their patients from data theft. The Security and Privacy Team appreciate your time and patience as we implement the measures needed to ensure the security of our data from bad actors.