eHealth Saskatchewan under increased risk of security breaches, provincial auditor finds
The Crown corporation responsible for safeguarding the digital health records of Saskatchewan residents is under an increased risk of security breaches and system failure – due to the lack of a finalized IT agreement with the SHA.
The concerns were laid out in the province’s most recent auditors report – released on Dec. 6.
ehealth Saskatchewan is the provincial Crown which oversees IT services to patients, health care providers, the Ministry of Health and the Saskatchewan Health Authority (SHA).
While an IT agreement between the SHA and eHealth does exist – the auditor’s report found that several key aspects were not finalized.
They include disaster recovery, service levels, security requirements and IT change management.
“Without an adequate agreement, the SHA risks being unable to effectively monitor the quality and timeliness of IT services delivered by eHealth, or know whether its critical IT systems and data are secure and will be restored in a reasonable timeframe in the event of a disaster,” the report read.
eHealth took over the SHA’s IT systems when the health authority moved them to its data centre in 2017.
The Crown is currently responsible for 35 IT systems deemed “critical” for the delivery of health care in Saskatchewan.
The report laid out two recommendations made by the auditor in 2019.
The first outlines installing centralized Network Access Controls (NAC) for all health sector agencies – while the second has to do with utilizing network security logs and scans to monitor systems for malicious activity.
Both have been partially implemented by eHealth.
The report went on to say that the organization’s five year disaster recovery roadmap includes assessing potential risks to IT systems and establishing appropriate measures for recovery.
The roadmap is expected to be finalized in 2023-24.
“eHealth needs to begin disaster recovery testing when its Roadmap is complete. Without fully tested disaster recovery plans, eHealth, the [SHA], Saskatchewan Cancer Agency, and the Ministry of Health may not be able to restore their critical IT systems and data (such as the personal health registration system or provincial lab systems) in a timely manner in the event of a disaster,” the recommendation read.
“As ransomware and cyberattacks are steadily rising and evolving, organizations (like eHealth) need disaster recovery plans that enable speedy and easy recovery of data from the point of attack.”
CTVNews.ca Top Stories
A wave of exploding pagers in Lebanon and Syria kills at least 8, including members of Hezbollah
Hundreds of handheld pagers exploded near simultaneously across Lebanon and in parts of Syria on Tuesday, killing at least eight people, including members of the militant group Hezbollah and a girl, and wounding the Iranian ambassador, government and Hezbollah officials said.
After another Liberal loss, Trudeau says there are 'all sorts of reflections' to do
Prime Minister Justin Trudeau says he's going to 'stay focused' on governing after being handed his second byelection upset in recent months.
More non-smokers are getting lung cancer. Here's why and how you can protect yourself, according to a doctor
More people who have never touched a cigarette are getting lung cancer, but there are ways to prevent it, according to a doctor.
Health Canada approves updated Moderna COVID-19 vaccine
Health Canada has authorized Moderna's updated COVID-19 vaccine that protects against currently circulating variants of the virus.
These people say they got listeria after drinking recalled plant-based milks
The Canadian Press spoke to 10 people, from the parents of a toddler to an 89-year-old senior, who say they became sick with listeria after drinking from cartons of plant-based milk stamped with the recalled product code. Here's a look at some of their experiences.
Canada's inflation cools to 2% in August, the smallest gain since early 2021
Canada's annual inflation rate reached the central bank's target in August at it cooled to 2 per cent, its lowest level since February 2021, data showed on Tuesday.
Ontario man who almost fell for text scam issues warning to others
An Ontario man thought he got some good news when he received a text message offering a $30 gift for being a loyal Giant Tiger customer. 'I do go to that store so I clicked on the link and it said it was a customer appreciation award they were going to give people,' Mark Martin, of Simcoe, Ont., told CTV News Toronto.
BREAKING Sean 'Diddy' Combs has been indicted on sex trafficking and racketeering charges
Sean 'Diddy' Combs has been charged with sex trafficking and racketeering, according to a federal indictment unsealed Tuesday.
'On the edge of life': Influencer has a close encounter with a bear after climbing into a den
Influencer Stefan Jankovic shared footage of a terrifying close encounter with a bear after climbing into a den in Bosnia and Herzegovia.