Cyber Tales 4: How BOXX vCISO Jack Brooks protected patient privacy via mindfulness over malware

Cyber Tales 4: How BOXX vCISO Jack Brooks protected patient privacy via mindfulness over malware

Cyber Tales 4: How BOXX vCISO Jack Brooks protected patient privacy via mindfulness over malware | Insurance Business Canada

Cyber

Cyber Tales 4: How BOXX vCISO Jack Brooks protected patient privacy via mindfulness over malware

This Real Life Cyber Story shows an ounce of prevention is worth a pound of cure in safeguarding data

This article was provided by BOXX Insurance as the fourth of six installments in their Real Life Cyber Stories series. Places, industries, and names have been changed to preserve client privacy. Be sure to check out the first, second, and third stories as well.

Access to mental health support is essential to our wellbeing, yet many people face challenges, even with workplace coverage or extended benefit plans. Long wait times for in-person programs and the struggle to find time for appointments with busy work, school, and home schedules are significant barriers to seeking help. For people living in remote or rural areas, finding mental health support is even more challenging.

Thankfully, as stigma around mental health decreases, more Canadians are turning to online resources. Pacific Wellness Connect is on online therapy provider in British Columbia with a team of nearly a hundred employees, including mental health professionals like social workers, mental health nurses, registered counsellors and psychologists. A small admin and an IT team operate out of the head office in downtown Victoria — where this month’s Cyber Tale begins.

Pacific Wellness Connect delivers online therapy services via their own digital platform. The company is careful to meet all regulations and invests in robust cyber security, including BOXX’s Cyberboxx Business 5.0. Patient privacy and data security is core to their mandate. And so BOXX’s virtual Chief Information Officer (vCISO) Jack Brooks, was surprised when the online healthcare was flagged in a security scan.

See also  Ascot Group appoints former Florida governor aide as new legal counsel

 “We routinely scan client systems for vulnerabilities. When we discover a potential security issue, we get in touch with the client. We’ll send an email alert, inviting them to reach out to our team of security experts for help. But when it comes to healthcare or other highly sensitive data, I pick up the phone.”




BOXX business client: Pacific Wellness Connect









offers psychological counseling services to patients in BC through online therapist-assisted therapy
Corporate Office in Victoria, BC
97-104 employees including ~ 90 mental health professionals: registered social workers, mental health nurses, psychotherapists, and psychologists + admin, marketing & IT team
Available to employers, insurers, benefits providers and the public sectors

IT Manager Wren Lee

Lives in Victoria, BC





Jack connected with the company’s IT lead, Wren Lee, to share his findings. Initially, Wren was skeptical, asserting that all their servers were securely situated in the cloud. But years of experience had honed Jack’s cyber security senses—and they were tingling.  Recognizing the gravity of the situation, Jack delved deeper.

His suspicions were confirmed when he discovered the address for an on-premises email exchange server lurking somewhere within Pacific Wellness Connect’s network environment. With this information, Jack was able to help direct Wren to investigate further.

“I was pretty blown away by Jack’s dedication to our situation,” Wren reflected. “Even after I blew him off, he went out of his way to call me back with more information. If he hadn’t done that… Well, I don’t like to think about that. I feel sick when I think about the potential fallout.”

See also  BI wording fallout: industry's risk governance lapses stoke APRA concerns

Sure enough, Wren and the IT team uncovered a forgotten email exchange server plugging away in an old server room.  A junior system administrator had accessed it to remove data a couple of months ago and forgot to shut it down after he was done. It was a simple mistake that could have led to a devastating cyber-attack.

Jack explains, “An outdated email server, left unattended and unsecured, is low hanging fruit for cyber criminals. Given the sensitive information handled and stored by Pacific Wellness Connect, they’re particularly vulnerable to data theft and ransomware attacks. And this server had full access to everything in their network.”

The impact on the hundreds of British Columbians who rely on Pacific Wellness Connect’s services would have been devastating. Not only would hackers have access to deeply personal patient data, but essential mental health services could have been disrupted, compromising the care of already vulnerable people in the community.

 As more patient records are digitized and telemedicine grows, the risk of cyber threats rises. Strong cybersecurity measures are vital for protecting patient data and defending against ransomware attacks. Jack’s vigilance not only averted a potential crisis but also underscores how important it is to predict and prevent cyber security threats.

As Wren puts it, “BOXX was one step ahead, trying to prevent a bad situation. It’s like they’re out there patrolling the parking lot and checking the locks,” she joked, “It’s very reassuring.”

Thanks to cyber security experts like Jack and the BOXX team, Pacific Wellness Connect came out unscathed, keeping its sensitive data secure. Without Jack’s expertise, the situation could have been drastically different. If hackers had exploited the vulnerable email exchange server, Wren and the team would be grappling with the aftermath of compromised patient data instead of focusing on enhancing their services. Wren emphasizes that if a breach had occurred, there might not even be any clients left to innovate for.

See also  BrokerLink announces triple swoop in Greater Toronto Area

“In our industry, building patient trust is a priority. Sure, with everyone on devices, online therapy is convenient, but patients worry about their privacy. And they should be. We go to great lengths to assure our clients that their data is safe with us. A breach would likely undo all of that. I think we’d lose everything.”

Cybersecurity insurance is vital for every business, but it’s especially critical for those in healthcare. BOXX’s team of security experts specializes in preventing cyber threats. With professionals like Jack Brooks proactively predicting and addressing potential risks, businesses insured by BOXX can focus on growth without worrying about cybersecurity issues.

Related Stories

Keep up with the latest news and events

Join our mailing list, it’s free!