It was once expected that healthcare professionals were the bearers of all knowledge relating to patient information. But, with an increasing presence of digital technologies in the medical profession, individuals are now able to take this into their own hands and discover more about their own physical wellbeing for the better.
This is the core mission of LifeLabs, Canada’s leading provider of laboratory diagnostic services, which is responsible for crucial patient health data. Handling critical stages of the healthcare process, LifeLabs carries out important blood and ECG tests for patients across Canada and is an integral stakeholder in their medical journeys and vice versa.
The company is the largest medical diagnostic firm in Canada with operations in Ontario, British Columbia—and in Saskatchewan—providing crucial services to the Canadian population. Having spoken to one of the company’s executives, we learn the relevance of its services in relation to the coronavirus (COVID-19) pandemic as it was instrumental in a number of ways.
“We were on the front lines of COVID-19 testing, supporting our government partners, helping airlines keep flying and even provided testing services to the NHL. Our labs have completed over 5 million COVID-19 tests. We're making a significant impact, and we're proud of it!” says the company’s VP Technology Shared Service and CISO Mike Melo.
In conversation with Melo about cybersecurity, we learn that the organisation has undergone a major overhaul, with its CISO at the forefront of bringing together its IT and cybersecurity teams to harmonise their approaches. The focus on cybersecurity is a result of LifeLabs offering more and more services to its customers to allow them to take more control over their medical needs.
“We offer digital access to medical health records with better insights into what you can do with your health and really empower users to take this into their own hands and make great choices. That’s one of the reasons I came to LifeLabs, as I wanted to be a part of that journey and transform the digital healthcare space,” says Melo.
As the company evolves, more possibilities are opening up for patients, which requires particular attention to securing and protecting their data in the digital realm. As explained by Melo, the organisation is dedicated to providing high-quality healthcare services that come directly to the person. LifeLabs is offering more patient-centric services, much like its MyVisit solution—allowing phlebotomy experts to come directly to patients—and also offering ECG monitoring. Not only will this empower patients, but it will also provide simpler, faster, and more flexible access to healthcare services.
“There's been a lot of evolution over the five years I've been with LifeLabs. I would say the company has really focused on becoming customer-centric and how to make it easier for a customer to get access to, one, the services that they need, and two, their health care information,” says Melo.
During COVID-19, the company had to undergo a rapid transition to more data-driven, digital healthcare, a response that is likely to allow better support as well as prevention of critical conditions in the future. However, in doing so the team recognised the need for a robust cybersecurity approach to ensure that patient data remains secure for all.
Why is cybersecurity so crucial in the healthcare sector?
Following the journey of LifeLabs really highlights the significance of cyber as a construct in the medical industry. Upon joining the team, the team experienced an attack on its system, provoking the need for a dedicated CISO. These types of attacks come in abundance across the sector.
“LifeLabs focused heavily on rebuilding stakeholder trust after the event. We embarked on this new transformation to not only ensure we were appropriately managing PHI and evolving the ways we managed and secured patient health information, but also looking at how to innovate in the cybersecurity space,” says Melo.
The key aim here, as also mentioned by the CISO, is to become a true leader of Canada’s healthcare sector with zero-trust protocols embedded into everything it does.
“I think we’ve done that over the past four years, since I began leading the charge in cybersecurity,” he says. “We have evolved. We enhanced rigorous governance surrounding the security culture within the organisation. And it’s not just within the security practice, it brings accountability and responsibility to all of our users.”
As the old cliche goes, “teamwork makes the dream work”
Much of this exercise involves team building, which is where Melo’s role really takes shape with backing from the company’s President and CEO, Charles Brown. With alignment being a key theme for the organisation, Melo was responsible for developing an approach to team building that allowed both the cyber operations and the IT teams to collaborate as one. This involved first understanding both sides of the coin and then determining a process that meets the needs of both.
“Cybersecurity is bullish on risk mitigation and reduction—just getting things done rapidly to a short timeline. And, it’s usually because cybersecurity is very high tension with higher stakes,” says Melo.
“When you look at IT infrastructure generally and how it has historically progressed over the years, it’s maybe not so agile. There’s a lot of complexity in infrastructure given the fact that it’s somewhat older—more mature.”
Of course, understanding the importance of both, the aim was to inject both technical aspects into each other to determine a more unified system for dealing with the threat landscape that healthcare faces today. “We needed to demonstrate an understanding of why we are carrying out cybersecurity activities, and then show how things work operationally in the IT department,” Melo says.
“I think bridging those two worlds together has allowed us to break down silos and work more collaboratively.”
A cloud response to healthcare cybersecurity
So with teams aligned and data now a critical component of healthcare cybersecurity operations, where is it secured? The LifeLabs approach—enforced by Melo and team—is a cloud-based one, which seems to be a no-brainer for the company.
As alluded to, cloud creates a simpler, more flexible environment for secure data actions with many of the most recent cybersecurity developed in line with cloud services. When providing this insight, Melo explains that organisations should not simply jump into the cloud environment without careful research and a supportive approach.
“There’s definitely some pros and cons that need to be weighed up when you’re looking at what type of workloads you’ll be moving to the cloud, and equally important, how you’re going to secure them,” says Melo.
“Cloud and on-prem infrastructures are very different in nature. It’s not a lift and shift model, especially from a cybersecurity perspective. You need a purpose-built programme, standards, and structure when operating in the cloud.”
Melo also notes that if cybersecurity was not a critical conversation today, the results of inactivity may have seen LifeLabs in a different position from a commercial perspective. Interception of cyber breaches is a crucial act of social demand, but also a key part of sustaining growth for the business.
Working with its partners in cybersecurity, such as Okta and CrowdStrike, the company has the support of these leading firms to drive it forward in its cloud journey, enabling LifeLabs to identify the most imminent threats and defend its accounts.
“I’m proud of the partnership ecosystem that we’ve built at LifeLabs. It’s really helping us define success and what healthcare cybersecurity can look like,” says Melo.
“We leverage various technology organisations, but there are a few that become true partners in our journey in our cybersecurity initiatives. Some of those partners, such as Netskope, CrowdStrike and Okta, have really allowed us to provide better access for our employees, our customers, and ensure that their information is secure as we transform our organisation to a cloud-focused infrastructure and delivery model.
“These are very prominent leaders in their own regard, and they're very cloud focused. They help us in our cloud journey initiative and, at the end of the day, they provide some of the fulcrum pieces of our security technology stack. They're the ones who are helping us identify threats, defend our account access, ensure that we are, you know, managing and governing various access to all of these new incredible products.”
Netskope came on board to help govern access to software-as-a-service (SaaS) products used by the company. The team works closely with Netskope to reduce the threat landscape surrounding edge applications.
“We've done a lot of work with Netskope to govern access to SaaS products; being able to ultimately undergo decryption at scale to gain proper visibility of what's egressing our environment; understanding what threats are out there, because now we have the visibility to see them and analyse them,” Melo says.
“One of our biggest challenges was creating a virtual remote access environment for our staff, especially during COVID-19. There was a massive demand for remote access to most organisations and traditional VPN models just weren't able to keep up. They weren't built with the bandwidth requirements and capacity in mind.”
Netskope is a critical partner for enabling LifeLabs’ zero-trust approach and provides the company with low-latency and secure connected services, which is aligned with the overall goal of stable data sharing.
“Stability is critical for our success as we are a hybrid organisation and we're able to have security policies that essentially follow the user and not the traditional means of following a corporate asset,” Melo explains.
“I think that our journey with Netskope has been one of our greatest successes and our ability to adapt and evolve over the past four years, our cloud journey and also our hybrid remote work journey.”
The future of the company is secure and over the foreseeable months cloud and cybersecurity will be the main focus points for the business. Melo and his team are also embracing the impending integration of AI in its processes and leveraging tools like ChatGPT in more mainstream applications.