Every day, organizations around the world are under constant attack from sophisticated, determined online criminals attempting to steal information from electronic networks.
Alberta Health Services is not immune to these attacks, and we are constantly working to ensure our network systems are secure.
AHS takes its responsibility as the keepers of personal healthcare information extremely seriously, and does all it can to ensure that information is secure and protected.
That vigilance extends to the Alberta Netcare Portal, a secure and confidential electronic system that houses patient health information that is accessible to our frontline healthcare teams at the point of care.
It is important to note that there has never been a breach of AHS’ Alberta Netcare portal from outside sources. Patient information continues to be protected.
As part of our regular due diligence, AHS commissioned an external security firm to analyze the Netcare system, as part of our responsibility to ensure any gaps are identified and fixed. These third party audits are part of our grant agreement with Alberta Health.
We are constantly reviewing all of our IT systems, so as to protect them from ongoing and ever-changing security risks, in turn protecting the information of our patients. To not do this would be irresponsible, and could put our systems at risk of breach.
The external review helped us identify some opportunities to further strengthen the security of information held within Netcare.
We have already acted on the majority of recommendations identified in this report, including steps to add an additional layer of security (firewall) around Netcare, to enact a more sophisticated password system, and to protect us from developing threats. These are in progress or already complete.
The report also did not consider the security of our overall AHS network environment, which further protects applications such as Netcare. This was not part of the mandate given to the external security firm, which was tasked with focusing solely on Netcare.
AHS has multiple mitigating controls we have within our broader system – a security umbrella that provides additional security and protection to our entire network environment.
Security within the AHS environment works at many different levels - we have security at the overall environment level, at an application/database level and at a user level. At each of these levels, we have controls and tools that proactively protect us, as well as monitoring tools which look for any unauthorized access.
AHS also has many security measures in place, to protect its systems from criminals. These measures are constantly evolving to counter outside threats that are also constantly changing and adapting.
In addition, AHS proactively works with other organizations like Canadian Cyber Incident Response Centre (CCIRC) and National Health Information Sharing and Analysis Center (NS-ISAC) to identify emerging threats and take steps to protect our systems.
And, we subscribe to many security intelligence feeds that will provide us with known threats and methods of early detection.
IT security is a significant issue in Canada and internationally – AHS is certainly not unique in this regard. We all must remain vigilant to the threat posed by criminals working online.