'Significant' weaknesses found in WRHA's cybersecurity, report says - Action News
Home WebMail Friday, November 22, 2024, 03:17 PM | Calgary | -10.4°C | Regions Advertise Login | Our platform is in maintenance mode. Some URLs may not be available. |
Manitoba

'Significant' weaknesses found in WRHA's cybersecurity, report says

An audit has found flaws in the Winnipeg Regional Health Authority's cybersecurity that left personal health information vulnerable to falling into the wrong hands.

Healthcare organizations must protect sensitive info accessed from computers and smartphones: audit

An audit found the WRHA was not identifying the risks to personal health information accessed by end-user devices and that there were weaknesses in its cybersecurity controls. (Ryan Remiorz/Canadian Press)

An audit has found flaws intheWinnipeg Regional Health Authority's cybersecurity that leftpersonal health informationvulnerable to falling into the wrong hands.

Manitoba's Auditor General Norm Ricardreleased a report Wednesday after looking into the WRHA's management of risks associated with end-user devices (personal computers, smartphones, tablets).

"Healthcare organizations must ensure they are properly protecting the sensitive information that is accessed from, and stored on, these devices," Ricardsaid in his report.

The audit found the WRHA was not identifying the risks to personal health information accessed by end-user devices and that there were weaknesses in itscybersecurity controls.

"Because of these significant cybersecurity control weaknesses, the WRHA was unnecessarily vulnerable to personal health information falling into the wrong hands," said Ricard.

The report notes the WRHA was focused on ensuring compliance with the Personal Health Information Act, including its security requirements,"but compliance to the PHIA security requirements does not ensure strong cybersecurity," Ricard said.

"We believe that focusing first on a cybersecurity program based on sound risk management would better protect personal health information and invariably result in compliance with the Act's security requirements."

The report contains 12recommendations for both theWRHAand the provincial health department.