ICES Case Study -PlutoSec - Cyber Security Canada
Eiusmod enim tempor incididunt aut labore et dolore magna aliua ruis nostrud exercitation ullamco laboris.
Company Overview
As a regulated entity, ICES’ practices and procedures are subject to review and approval every three years by the Office of the Information and Privacy Commissioner of Ontario. This ensures that ICES safeguards the privacy of individuals whose information it handles and maintains the confidentiality of that information.
Table of Contents
- Main Goal
- Outcomes
The Institute for Clinical Evaluative Studies (ICES) is one of the few organizations in Ontario designated as a prescribed entity authorized to collect, use, and disclose personal information under the Personal Health Information Protection Act and the Coroners Act.
As a prescribed entity, ICES’ practices and procedures are subject to review and approval by the Office of the Information and Privacy Commissioner of Ontario every three years. This process ensures that ICES effectively protects the privacy of individuals whose information it manages and maintains the confidentiality of that data.
ICES conducts innovative research to evaluate healthcare delivery and outcomes. The institute has access to a comprehensive and secure collection of Ontario’s health-related data, including population-based health surveys, anonymous patient records, and clinical and administrative databases. ICES is renowned for its leadership in safeguarding the privacy and security of health information.
Main Goal
In its role as a trusted steward of Ontario’s health-related data, ICES is committed to maintaining the confidentiality of individuals across the province. This responsibility includes protecting data from evolving threats and adversaries who continually refine their tactics, techniques, and procedures in their ongoing attacks on healthcare organizations.
When initially partnering with Packetlabs, ICES’ primary concern and main objective was to ensure the long-term confidentiality of the information entrusted to them. This involved verifying that tactics, techniques, and procedures (TTPs) used by attackers are effectively logged and detected, as well as implementing best practices for access control for those authorized to access the data.
Outcomes
Given that 34% of healthcare-related breaches in North America are due to unauthorized access, the ICES team recognized the need to advance their cybersecurity efforts beyond routine vulnerability scans. Understanding the critical importance of evolving alongside cybersecurity threats, ICES sought PlutoSec’s expertise to conduct a comprehensive Purple Teaming exercise. This approach aimed to thoroughly reassess their existing infrastructure and strengthen their defenses against emerging threats.
Partnering with the PlutoSec team has been an outstanding experience from start to finish. Their expertise and dedication to our project distinguished them as a dependable and valuable partner. From the initial project planning to the execution of the delivery phases, PlutoSec showed a profound understanding of our goals and requirements. Their flexibility and innovative solutions were crucial to our success.
Get in Touch
Simply fill out this form and get your copy today!
Empowering engagement through meaningful dialogue.
visit us, phone, or email for personalized assistance.
- +1 (905) 367-6038
- Contact@plutosec.ca
- 335 Yonge St, Toronto, ON M5B 2L3