Case Study Institute for Clinical Evaluative Studies

Industry:

Healthcare

Company Size:

250 - 499

Location:

Ontario

Services Used:

Purple Teaming

As a prescribed entity, ICES’ practices and procedures must be reviewed and approved every three years by the Office of the Information and Privacy Commissioner of Ontario to ensure ICES protects the privacy of individuals whose information it receives and ICES maintains the confidentiality of that information.

The Institute for Clinical Evaluative Studies (“ICES”) is one of a handful of organizations in Ontario that have been specifically designated as a prescribed entity to collect, use, and disclose personal information under the province’s Personal Health Information Protection Act and under the Coroners Act.

As a prescribed entity, ICES’ practices and procedures must be reviewed and approved every three years by the Office of the Information and Privacy Commissioner of Ontario to ensure ICES protects the privacy of individuals whose information it receives and ICES maintains the confidentiality of that information.

ICES leads cutting-edge studies that evaluate healthcare delivery and outcomes. ICES researchers access a vast and secure array of Ontario’s health-related data, including population-based health surveys, anonymous patient records and clinical and administrative databases. ICES is recognized as a leader in maintaining the privacy and security of health information.

Primary Objective

Cybersecurity’s role within ICES, as a trusted steward of Ontario’s health-related data, is executing their commitment to maintaining the confidentiality of individuals within the province. This includes safeguarding data against threat actors, who are continuously evolving their tactics, techniques, and procedures in the ongoing assault against healthcare organizations.

When first partnering with Packetlabs, the ICES team’s main concern–and primary objective–was to ensure the confidentiality of the information entrusted to ICES long-term, alongside guaranteeing tactics, techniques, and procedures (TTPs) used by attackers are being logged and detected appropriately.access control best practices for those who are permitted to access said data.

Results

With 34% of all healthcare-related breaches across North America being attributed to unauthorized access, the ICES team understood the importance of taking their cybersecurity efforts beyond the standard vulnerability scan: due to how critical it is for ICES to evolve alongside their cybersecurity adversaries, the focus of Packetlabs’ strategies was to have ICES reevaluate their existing infrastructure through an in-depth Purple Teaming exercise.

"Working with the Packetlabs team has been an exceptional experience from the very beginning. The team’s experience and commitment to our project really set them apart as a reliable and valuable partner. From the initial stages of project planning to the execution of the delivery phases, Packetlabs demonstrated a deep understanding of our goals and requirements. Their ability to adapt to our needs and provide innovative solutions was instrumental to our success."

Todd Smeed, Director of Cybersecurity at ICES