eHealth Saskatchewan under increased risk of security breaches, provincial auditor finds
The Crown corporation responsible for safeguarding the digital health records of Saskatchewan residents is under an increased risk of security breaches and system failure – due to the lack of a finalized IT agreement with the SHA.
The concerns were laid out in the province’s most recent auditors report – released on Dec. 6.
ehealth Saskatchewan is the provincial Crown which oversees IT services to patients, health care providers, the Ministry of Health and the Saskatchewan Health Authority (SHA).
While an IT agreement between the SHA and eHealth does exist – the auditor’s report found that several key aspects were not finalized.
They include disaster recovery, service levels, security requirements and IT change management.
“Without an adequate agreement, the SHA risks being unable to effectively monitor the quality and timeliness of IT services delivered by eHealth, or know whether its critical IT systems and data are secure and will be restored in a reasonable timeframe in the event of a disaster,” the report read.
eHealth took over the SHA’s IT systems when the health authority moved them to its data centre in 2017.
The Crown is currently responsible for 35 IT systems deemed “critical” for the delivery of health care in Saskatchewan.
The report laid out two recommendations made by the auditor in 2019.
The first outlines installing centralized Network Access Controls (NAC) for all health sector agencies – while the second has to do with utilizing network security logs and scans to monitor systems for malicious activity.
Both have been partially implemented by eHealth.
The report went on to say that the organization’s five year disaster recovery roadmap includes assessing potential risks to IT systems and establishing appropriate measures for recovery.
The roadmap is expected to be finalized in 2023-24.
“eHealth needs to begin disaster recovery testing when its Roadmap is complete. Without fully tested disaster recovery plans, eHealth, the [SHA], Saskatchewan Cancer Agency, and the Ministry of Health may not be able to restore their critical IT systems and data (such as the personal health registration system or provincial lab systems) in a timely manner in the event of a disaster,” the recommendation read.
“As ransomware and cyberattacks are steadily rising and evolving, organizations (like eHealth) need disaster recovery plans that enable speedy and easy recovery of data from the point of attack.”
CTVNews.ca Top Stories
Second Cup closes Montreal franchise over hateful incident
Second Cup Café has closed one of its franchise locations in Montreal following allegations of hateful remarks and gestures made by the franchisee in a video that was widely circulated online during a pro-Palestinian protest on Thursday.
'It’s pretty emotional': N.B. family escape fire, plan to rebuild home
A family in Riverview, N.B., is making plans for Christmas and the future after escaping a fire in their home on Nov. 14.
Cargo ship runs aground in St. Lawrence River near Morrisburg, Ont.
A large cargo ship remains stuck in the St. Lawrence River after running aground on Saturday afternoon.
Scurvy resurgence highlights issues of food insecurity in Canada's rural and remote areas
A disease often thought to only affect 18th century sailors is reemerging in Canada.
B.C. man awarded $800K in damages after being injured by defective bear banger
A B.C. man has been awarded nearly $800,000 in damages as compensation for injuries he sustained from a defective bear banger, according to a recent court decision.
A man called 911 for help during a home invasion. Las Vegas police fatally shot him
A Las Vegas man called for police help during a home invasion before an officer fatally shot him, according to authorities and 911 calls.
Cat caught in hunting snare rescued by BC SPCA
Donations are ramping up for a BC SPCA cat with a mangled paw after being caught in a hunting snare, one of a rising number of pets to fall prey to the hunting device.
These royal residences are opening their doors this Christmas
Not so long ago, if you wanted to spend Christmas with the royal family, the only way to get close was to press your nose up to the TV screen during the monarch’s Christmas speech.
'Still working full time on it:' One year later police continue to search for gunman in Caledon double murder linked to ex-Olympian
One year after a couple was shot and killed in their Caledon home in what investigators have described as a case of mistaken identity, Ontario Provincial Police say they are still trying to figure out who pulled the trigger.