Shared Health advised to put cyberattack plan to the test
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$1 per week for 24 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $4.00 plus GST every four weeks. After 24 weeks, price increases to the regular rate of $19.00 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.75/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Winnipeg Free Press access to your Brandon Sun subscription for only
$1 for the first 4 weeks*
*$1 will be added to your next bill. After your 4 weeks access is complete your rate will increase by $0.00 a X percent off the regular rate.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 19/12/2024 (268 days ago), so information in it may no longer be current.
Shared Health has a system to protect sensitive information from cyberattacks, but its plan to let the public know when it has been breached is lacking and must be put to the test.
Tyson Shtykalo, the province’s auditor general, said while Shared Health has procedures and technology to minimize its risk of falling victim to a cyberattack, he wanted to check what the provincial health authority would do if hackers were successful.
“What I wanted to do for this report is choose what might very well be a prime target, which would be Shared Health because of the amount and types of information that it holds and see what is your plan if you were cyberattacked,” said Shtykalo on Thursday.
Manitoba’s auditor general, Tyson Shtykalo. (Submitted file)
“What we found is, they do have a plan on what to do and what the process would be in the event that they were attacked, but as auditor generals do, we found some areas and some places to make some recommendations where they could ensure that that plan is most effective.”
The report was released after high-profile cyberattacks at the University of Winnipeg and Pembina Trails School Division.
The report found that training sessions are not held with all staff members, a plan to communicate with external stakeholders and procedures to respond to ransomware incidents are incomplete, and incident-response tests were not done.
“Since no tests were performed, the effectiveness of the (response) plan cannot be evaluated to ensure that Shared Health is prepared to promptly respond to a major cybersecurity event,” the report states.
Shtykalo said while the audit focused on Shared Health, it should encourage all public-sector organizations to bolster efforts to respond to cybersecurity attacks.
Shared Health is responsible for province-wide health services as well as the Health Sciences Centre and the Selkirk Mental Health Centre.
Kevin Holowachuk, chief information and security officer of Digital Shared Services, said it “is committed to ensuring the security and integrity of the Manitoba health system and has robust processes in place to safeguard our systems from a malicious cyberattack.
“Work to implement the four recommendations has either been completed or is underway and has strengthened our cybersecurity incident response plans to ensure that we can detect, respond to, and manage cybersecurity incidents in a manner that would minimize impact and/or harm to IT assets and delivery of health-care services and patient needs.”
Shtykalo said he recommends Shared Health do table top exercises and run through various scenarios in the event of a cyberattack.
“What we are calling for in the report is recommending that they actually test that response… just make sure it is most effective, if and when it is called upon.”
Shtykalo said the audit of Shared Health wasn’t sparked because of a cyberattack and there were no cyberattacks while the audit was being done.
“That’s good news,” he said. “It may have made for a more exciting report, but certainly I have my medical information there too, so I was glad nothing happened.”
kevin.rollason@freepress.mb.ca
Kevin Rollason is a general assignment reporter at the Free Press. He graduated from Western University with a Masters of Journalism in 1985 and worked at the Winnipeg Sun until 1988, when he joined the Free Press. He has served as the Free Press’s city hall and law courts reporter and has won several awards, including a National Newspaper Award. Read more about Kevin.
Every piece of reporting Kevin produces is reviewed by an editing team before it is posted online or published in print — part of the Free Press‘s tradition, since 1872, of producing reliable independent journalism. Read more about Free Press’s history and mandate, and learn how our newsroom operates.
Our newsroom depends on a growing audience of readers to power our journalism. If you are not a paid reader, please consider becoming a subscriber.
Our newsroom depends on its audience of readers to power our journalism. Thank you for your support.
Kevin Rollason is a general assignment reporter at the Free Press. He graduated from Western University with a Masters of Journalism in 1985 and worked at the Winnipeg Sun until 1988, when he joined the Free Press. He has served as the Free Press’s city hall and law courts reporter and has won several awards, including a National Newspaper Award. Read more about Kevin.
Every piece of reporting Kevin produces is reviewed by an editing team before it is posted online or published in print — part of the Free Press‘s tradition, since 1872, of producing reliable independent journalism. Read more about Free Press’s history and mandate, and learn how our newsroom operates.
Our newsroom depends on a growing audience of readers to power our journalism. If you are not a paid reader, please consider becoming a subscriber.
Our newsroom depends on its audience of readers to power our journalism. Thank you for your support.
Related Articles
‘It’s affected everything’: cyberattack could impact Pembina Trails report cards, exams Pembina Trails School Division confirms cyber attack
Advertisement Advertise With Us
Advertisement Advertise With Us
History
Updated on Thursday, December 19, 2024 5:53 PM CST: Updates with final version
Updated on Thursday, December 19, 2024 5:56 PM CST: Adds byline