Every day we are inundated with phishing scams in both our personal and work lives. We’ve all seen the requests on social media that pose what seems like an innocent question, like what was your first car, or ask you to call out your favourite pet’s name. Believe it or not, as innocent as they may seem, these are attempts by hackers to gather your personal information and potential passwords that are then data mined.
The same goes for our work emails – you’ve seen the communiques, asking staff not to click on any suspicious links or emails as innocent or realistic as the requests may seem.
This is such a massive threat to our hospitals that TransForm has a dedicated team to detect fraudulent activity. A deeper dive into what the security and privacy team does on a day-to-day basis will hopefully give everyone a better idea of the tremendous undertaking required to keep our systems (and the patients of our member hospitals) safe.
Most of you may not have met Mark Loffhagen, TransForm’s Senior Security and Privacy Analyst, who is based out of our Sarnia location at Bluewater Health, but his name is sure to ring a bell with all the communications, training and ‘test’ phishing scams that have been sent out. Mark was able to provide some more insight into this team and all the hard work they are doing for TransForm and our member hospitals.
So who makes up TransForm’s Security and Privacy Team?
Loffhagen: There are three TransForm staff who make up the team: myself, Phil Audet and Daniel Babic. Daniel provides technical support for the cybersecurity tools deployed that comply with the current security standards and policies maintained by Phil and me. We collectively support those tools that mitigate the risks identified and tracked by the team, e.g. antivirus, web filters, enterprise password managers, intrusion detection systems, etc.
Can you describe a day in the life for this team?
Loffhagen: Sure! Well, like many of you, our days are filled with meetings both internally and with our member hospitals. We have a set of tools that we use to monitor cyber events such as our antivirus applications. We also receive various communications regarding the latest threats that we respond to and apply depending on the environment affected.
Phil and I keep busy concentrating on policies and future projects, coordinating the completion of threat and risk assessments which are tracked in our corporate risk registry that are categorized according to level of threat. We also act as security and privacy consultants to hospital members and other groups within the region like our Ontario Health Teams (OHTs).
We also conduct preliminary privacy and security assessments for new initiatives and assist our hospitals with their internal privacy and security practices. We also support auditing tools that track hospital policy compliance and provide information for Freedom of Information requests.
So why is this all so important?
Loffhagen: I’d like to first concentrate on the patients we serve. As with all of us, we expect that our health records remain private and confidential. Our team works to protect both personal information as well as patient information for TransForm staff and our member hospitals. Think of the information that is housed – payroll, and human resource information such as our social insurance numbers.
What you may not realize is that every day as we use our technology, damaging links and attachments are being prevented – even while you are reading this! We need to remember that it’s not if we will get hit by ransomware, it’s a matter of when, whether it be at home or at work.
So how do you stop an attack?
Loffhagen: There are lots of things that we do. We have a spam filter that will look for patterns and score potential attacks coming in. The filter basically asks if something looks like a phishing attempt and then determines if it is blacklisted. However, this can’t catch everything as it’s based on past history events.
We added a yellow banner on top of emails, so staff are aware it’s from an external source (hopefully you’ve noticed that by now!). BUT, if you happen to ignore the source and click the link and find out you’re compromised, we have anti-virus and anti-malware to protect you which monitors behaviour and prevents attacks. Finally, we also get alerts when there is an outbreak occurring on two or more computers, so we can respond quickly.
What are the main challenges for this team?
Loffhagen: Technology scams are always changing and we have to evolve to keep up. If Microsoft or other major vendors bring a new version or new application, you have to address the security risks and patch them or evaluate them – not an easy feat in our complex environment!
Also, although our team is mighty, it is small – a team of three people covering five hospitals can be challenging. Thankfully we can lean on others within our Information Services department to help support when we need them. Finally, balancing the stopping of attacks which can potentially shut down a functioning department versus enabling clinicians to take care of patients efficiently means we always have to be strategic and creative in weighing the risks when stopping these attacks.
Sounds like you have a huge job. What can we do to help?
Loffhagen: First, pay attention to phishing attempts - “From” fields can be faked and requests for banking or password information should be viewed with caution. We would suggest that you do not reuse your passwords - have a separate one from your banking to your social media to your work and any other platforms you may use. Remember that the longer your password, the better. And finally, save your information on the shared X drive or your personal P drive if you want it to be backed up. Don’t save to your local drive as computers can fail.