Keith Lawson on LinkedIn: "GPs sign onto their EMR and use the same log-in for all systems!… (2024)

It was a pleasure to speak about some of our challenges and how we can think differently and improve in protecting our healthcare systems. Thank you for the opportunity to share and discuss. #healthcarecybersecurity

36

4 Comments

Looking forward to this event next week. I'll be speaking on the the impact to patient care during incidents in healthcare organizations and proposing ways we can improve in both measuring impacts to patients as well as sharing threat intelligence in our sector.

11

1 Comment

Well said David Shipley! We really need to stop publicly shaming organizations for being compromised by highly skilled, highly resourced criminals. While I feel for the customers here and am frustrated when my own information is involved in a breach jumping to conclusions and publicly blaming the organization for being negligent is really hurting our field. This type of blame is significantly harming honest, timely disclosure of incidents which in turn hurts the customers as well as the ability for companies to publicly share or communicate threat intelligence that may help others learn so that we're not the next victim of these threat actors. We've seen time and time again when facing an advanced enough attacker the most well resourced, well protected organizations on the planet get compromised. The cards are stacked against us and the attackers will always have the advantage. Yes, we can always do better but to jump to the conclusion that the team of defenders here is negligent or stupid is the wrong way to be having these conversations. When organizations are victims of violent physical crimes we don't point them out for being to stupid to have more security guards. Why do we do this in the digital world?

5

3 Comments

While I agree that this is absolutely necessary and most definitely a step in the right direction the privacy and security concerns are mind boggling for healthcare systems integration at this scale. This will take careful planning with extensive advice from privacy and cybersecurity experts that do not have financial interest clouding their judgement. This can not be implemented the same way that internal systems integration is done today in healthcare. It will not be as simple as turning HL7 v2/3/FHIR on and opening the flood gates. I can't even start on the cloud risks here. Look at the recent Snowflake issues and imagine that on a national scale with the data being PHI of every Canadian citizen. Need I mention Change Healthcare? Please don't say AI. An exciting step in the right direction but if it's not built with privacy and security as a priority from the ground up we put the sensitive PHI of every single Canadian citizen at risk. Remember that "Streamline" and "secure" are often conflicting terms.#BillC72

7