CYBER SECURITY

Brendan Kwolek
Executive Director, Interchange Project & ICT
Halton Healthcare

BridgeCare Health Network in Colorado receives thousands of attacks over the course of a week but have built robust solutions to prevent the attacks from penetrating their secure systems. With 91% of all ransomware attacks executed through phishing, having a culture that is alert to threats, is an essential component in your front line defence of cyber-attacks. In this session learn how to:

• Understand when an attack is taking place and act quickly to prevent a breach
• Learn how BridgeCare developed a strategy for prevent breaches
• Provide the leadership support – and training – necessary to create a cyber tuned culture

Michael Archuleta
Chief Information Officer
Information Security Officer
BridgeCare Health Network – Mt. San Rafael Hospital

Most healthcare professionals know about hacks, but very few have seen what one looks like in the moments it’s happening. This demonstration will take you through the various stages of an attack, from the initiation infection to the pathway it takes to shut down systems, machines, restarts, encryption and data collection. This valuable session will arm you with the knowledge you need to understand the way attacks occur, and how you can build your systems to mitigate their effectiveness and defend against them. Some of the examples we will explore include:

• The attack pathway
• Shutting down and taking over medical devices, such as MRIs
• Gaining access to patient records, encrypting them for ransom, or stealing them
• And many other examples!

Yousif Nakkash
Network Systems Support, Department of Computer Science
Ryerson University

When attacks occur, you must react quickly to maximize your effectiveness. To understand what an effective response looks like, HIROC will show how you should respond in real-time, including:

• Which steps you should take, and in which order
• How to initiate the response, and how to mobilize your team
• How to seal off and protect sensitive data
• How to report the attack up the chain

Kopiha Nathan
Privacy and Compliance Officer
HIROC

There remains much confusion over what organizations need to do once they experience an attack. In Ontario, health information custodians must report to the IPC where personal health information is subject to a ransomware or other malware attack. Custodians also have a duty to notify individuals whose privacy has been breached. Understand custodian’s obligations, as we go over:

• What must be reported, how and when?
• Guidance on responding to a ransomware attack.
• What are the IPC’s processes where an attack is reported.

Brendan Gray
Health Law Counsel
Office of the Information & Privacy Commissioner of Ontario

Recent events surrounding various healthcare organizations have highlighted the risks and vulnerabilities that go to the heart of healthcare providers. Health records are extremely valuable, and therefore a target for many hackers. From ransomware, to extortion, and selling information on the dark web, stealing patient records is becoming a big business. Hear stories from a legal team on the front lines and learn what you can do to protect yourself.

• What proactive steps can you take before and after a breach to try to dissuade legal action, or pre-empt a successful claim?
• How have the courts responded to proposed class actions against health care providers who have been subjected to data breaches?
• What kinds of remedies do class members seek, and what have they been successful in achieving?

Margaret Waddell
Founding Partner & COO
Waddell Phillips Barristers

Brendan Kwolek
Executive Director, Interchange Project & ICT
Halton Healthcare