Subscribe to Newsletter Request a Demo

Patient Care Management

Logibec eClinibase
Facilitates access to information on service requests and appointments

Logibec EDM
Generates intelligent forms and centralize clinical documentation

Logibec Emergency Redirection
Assists triage staff in identifying and redirecting non-emergency cases

    Human Capital Management

    Logibec Scheduling
    Provides caregivers with schedules that suit their needs

    Logibec Strom
    Optimizes patient flow and clinical workload distribution

    Logibec MedSIS 3C
    Provides a platform for competency-based training

      Financial and Material Resources Management

      Logibec FMS
      Automates financial workflows and optimizes financial strategies

      Logibec MMS
      Strengthens control over the healthcare supply chain

        Performance & Analytics

        Logibec ContinuumCore
        Centralizes healthcare information in a scalable data warehouse

        Logibec Operational Insights
        Leads to optimal management of surgeries and inpatient beds

          4 min read

          Technology Infrastructure: Is the Continuity of Your Services at Risk?

          Featured Image

          Infrastructure security aims to limit the vulnerability of infrastructures and information systems to growing threats. This means adopting an appropriate mix of security measures, business continuity practises and emergency management planning measures to ensure that adequate response procedures are in place to deal with disruptions and natural disasters.

           

           

           

          According to more than 31 research articles, the healthcare network is slow to adopt the necessary measures to ensure the security of its stakeholders’ data, in this case its employees and patients. Indeed, in an article published on June 3, 2020, on the Radio-Canada website [French only], we learn that “the number of cyberattacks against the Canadian healthcare system jumped by 15% between 2018 and 2019.” To face this threat, facilities must make a financial and time investment to protect their technological infrastructures and support the continuity of their services. Despite both federal and provincial recommendations, this remains a major challenge, since healthcare facilities are complex organizations saturated with interdependent technologies. 

           

          The Healthcare Network – A Strategic Infrastructure

          The security of strategic infrastructures, including that of the healthcare network, is an unavoidable state security issue. According to the Ministère de la Sécurité publique du Québec [French only], a strategic infrastructure is an infrastructure that provides a service of great importance to society. A breach would have major consequences for the health, safety or well-being of citizens or for the efficient functioning of government.

          The cyber vulnerability of the provincial healthcare system’s technology infrastructure results from the accumulation of vulnerabilities in individual hospitals. Computer applications are now linked together in real time, which means that any loss of data can affect the entire ecosystem and activities of an organization. It is advisable to refer to the Synoptic table of key measures grouped by axes and objectives [French only] for all recommendations developed by the Government of Quebec.

          The National Critical Infrastructure Strategy notes that a failure, breakdown, virus or human error in one of these facilities could jeopardize the entire healthcare network infrastructure, depending on the interdependencies of the affected computer system. In 2019, for example, a major blackout affected five hospitals in Montreal [French only]. For this reason, all CISSS and CIUSSS must move forward together to ensure that the resilience of critical infrastructures is strengthened and to make the industry less attractive to cybercriminals, and therefore less vulnerable in the event of a natural disaster. 

           

          Real-Life Cases and Responsibilities

          Events experienced by some facilities demonstrate the importance of protecting these infrastructures and having a quick action plan to deal with computer threats.

          Among the many responsibilities of hospital IT management is that of ensuring the security of the IT infrastructure to guarantee, among other things, the continuity of services, including those provided to patients. The security of infrastructures and the importance of business continuity depend first and foremost on the culture of each organization. According to one of the CIOs interviewed in the scientific article Cybersecurity in Hospitals: A Systematic, Organizational Perspective: “Our culture wasn’t like this seven years ago… Bad things have had to happen at times. Nothing affects change like someone who makes a mistake.” In Quebec, here’s what Steve Waterhouse had to say in an interview with La Presse [French only]: “In IT, as long as there’s no accident, we tell ourselves that we’ll deal with it if it happens. That’s where it hurts the most, and once again, it’s the people who pay the price.”

          It would be a shame to wait for a disaster to drive the necessary change when it could already be implemented. The loss of data in a healthcare facility would be particularly catastrophic, as there could be medical errors with serious clinical consequences and deaths directly related to a breakdown in computer systems. 

           

          Ensuring Service Continuity in the Event of a Disaster

          The purpose of a business continuity plan is to ensure the continuity of critical IT services in the event of a disaster. This plan must allow facilities to restart operations as quickly as possible (RTO) with minimal data loss (RPO) by following pre-established procedures.

          According to Stéphane Dumont, Director of Technical Solutions at Logibec, best practices dictate three phases to maximize the availability of the technological infrastructure in the event of a disaster. First of all, data must be secured with a backup copy, one of the essential components of a continuity plan. Then, it is necessary to maintain solutions up to date and carry out migrations or version upgrades in due time. Finally, the team in charge must set up and implement a recovery plan and process for computer systems.

          Critical success factors are planning, documentation of the impact of each process and rapid activation of the plan. The IT management team must define and establish its recovery time objective (RTO) and recovery point objective (RPO). This plan must be regularly tested to validate procedures, ensure that the plan is complete and achievable, and guarantee its success. As a result, the team is able to detect incidents as early as possible in order to minimize impacts, reduce recovery efforts and maintain service levels.

          The cooperation of the various sectors, asset holders and users is critical to the success of the recovery plan. The impact assessment must be carried out by a multidisciplinary team that will offer its analysis and commitment. All stakeholders will be required in the event of a disaster.

           

          In the COVID-19 Context

          The Canadian Centre for Cyber Security alerts facilities that “the COVID-19 pandemic presents an elevated level of risk to the cyber security of Canadian health organizations involved in the national response to the pandemic.”

          Logibec also advises the implementation of backups on systems that previously appeared less critical, such as Med-Echo and Clinibase SICHELD. The current pandemic highlighted the ongoing need for information on these databases to support statistics and the monitoring of patient care episodes.

          Information Security specialists at Logibec, say that in times of a pandemic, “it is essential to remember the right reflexes, to test our recovery plans, our backups and our data recoveries. I also recommend the implementation of Security Table-Top Exercises. These provide a better understanding of roles and responsibilities during an incident, reinforce inter-team synergies, validate strategies and ensure that the continuity plan is up to date. Also, feel free to simulate critical system failures to validate your ability to recover and to detect any issues, such as non-functional backups.”

           

          Logibec can help you set up a recovery solution and develop your action plan

          Find out more about services included in the solution offered by Logibec >

           

          MHSS and Logibec at Health Informatics: Electronic forms

          During the 2022 edition of the Health Informatics symposium, Logibec had the privilege of leading a workshop in partnership with the Ministry of...

          Read More

          Logibec finalist at the 32nd ADRIQ Innovation Awards

          For the 32nd ADRIQ Innovation Awards Gala, Logibec is delighted to be among the finalists in the "Innovation from Public Research" category thanks to...

          Read More

          Manitoba’s Northern Health Region Modernizes Staff Scheduling with Logibec

          Montréal, Québec, September 29, 2022 – Logibec announced today that the largest territorial Regional Health Authority in Manitoba, Northern Health...

          Read More