Access to mental health support is essential to our wellbeing, yet many people face challenges, even with workplace coverage or extended benefit plans. Long wait times for in-person programs and the struggle to find time for appointments with busy work, school, and home schedules are significant barriers to seeking help. For people living in remote or rural areas, finding mental health support is even more challenging.
Thankfully, as stigma around mental health decreases, more Canadians are turning to online resources. Pacific Wellness Connect is on online therapy provider in British Columbia with a team of nearly a hundred employees, including mental health professionals like social workers, mental health nurses, registered counsellors and psychologists. A small admin and an IT team operate out of the head office in downtown Victoria — where this month’s Cyber Tale begins.
Pacific Wellness Connect delivers online therapy services via their own digital platform. The company is careful to meet all regulations and invests in robust cyber security, including BOXX's Cyberboxx Business 5.0. Patient privacy and data security is core to their mandate. And so BOXX’s virtual Chief Information Officer (vCISO) Jack Brooks, was surprised when the online healthcare was flagged in a security scan.
“We routinely scan client systems for vulnerabilities. When we discover a potential security issue, we get in touch with the client. We’ll send an email alert, inviting them to reach out to our team of security experts for help. But when it comes to healthcare or other highly sensitive data, I pick up the phone.”
|
BOXX business client: Pacific Wellness Connect |
|---|
|
Jack connected with the company's IT lead, Wren Lee, to share his findings. Initially, Wren was skeptical, asserting that all their servers were securely situated in the cloud. But years of experience had honed Jack’s cyber security senses—and they were tingling. Recognizing the gravity of the situation, Jack delved deeper.
His suspicions were confirmed when he discovered the address for an on-premises email exchange server lurking somewhere within Pacific Wellness Connect's network environment. With this information, Jack was able to help direct Wren to investigate further.
"I was pretty blown away by Jack’s dedication to our situation," Wren reflected. "Even after I blew him off, he went out of his way to call me back with more information. If he hadn’t done that... Well, I don’t like to think about that. I feel sick when I think about the potential fallout."
Sure enough, Wren and the IT team uncovered a forgotten email exchange server plugging away in an old server room. A junior system administrator had accessed it to remove data a couple of months ago and forgot to shut it down after he was done. It was a simple mistake that could have led to a devastating cyber-attack.
Jack explains, “An outdated email server, left unattended and unsecured, is low hanging fruit for cyber criminals. Given the sensitive information handled and stored by Pacific Wellness Connect, they’re particularly vulnerable to data theft and ransomware attacks. And this server had full access to everything in their network.”
The impact on the hundreds of British Columbians who rely on Pacific Wellness Connect's services would have been devastating. Not only would hackers have access to deeply personal patient data, but essential mental health services could have been disrupted, compromising the care of already vulnerable people in the community.
As more patient records are digitized and telemedicine grows, the risk of cyber threats rises. Strong cybersecurity measures are vital for protecting patient data and defending against ransomware attacks. Jack's vigilance not only averted a potential crisis but also underscores how important it is to predict and prevent cyber security threats.
As Wren puts it, "BOXX was one step ahead, trying to prevent a bad situation. It’s like they're out there patrolling the parking lot and checking the locks,” she joked, “It’s very reassuring."
Thanks to cyber security experts like Jack and the BOXX team, Pacific Wellness Connect came out unscathed, keeping its sensitive data secure. Without Jack's expertise, the situation could have been drastically different. If hackers had exploited the vulnerable email exchange server, Wren and the team would be grappling with the aftermath of compromised patient data instead of focusing on enhancing their services. Wren emphasizes that if a breach had occurred, there might not even be any clients left to innovate for.
"In our industry, building patient trust is a priority. Sure, with everyone on devices, online therapy is convenient, but patients worry about their privacy. And they should be. We go to great lengths to assure our clients that their data is safe with us. A breach would likely undo all of that. I think we'd lose everything."
Cybersecurity insurance is vital for every business, but it's especially critical for those in healthcare. BOXX's team of security experts specializes in preventing cyber threats. With professionals like Jack Brooks proactively predicting and addressing potential risks, businesses insured by BOXX can focus on growth without worrying about cybersecurity issues.
