We have reviewed these standards, and believe that, whether you choose to certify or not, these recommendations are so helpful that every private health care clinic should consider adopting them as a baseline.

Additional measures, of course, may be needed to meet provincial and federal health cyber-security requirements. But what we particularly like about these standards is that they adhere to what the authors call the "80/20" rule. I.e., adopting them will give you 80% of benefit, from 20% of effort. Recommended controls are practical, and are focused on making a significant difference towards protecting small and medium sized businesses from cyber-threats.

Taken as a whole, these standards may appear a bit daunting. And yes, you will likely need a security specialist to help review your clinic's current state and implement effective measures. That should not stop you from getting started. While all of the measures are important, begin by taking one step at at time., and focus on what you can do, right now. To help with this, we will explore individual areas of these controls in future journal posts, and include tips that are especially applicable to health care clinics.

There is, however, some urgency towards adopting these measures now. With the re-emergence of extortion in recent months as a serious cyber-security risk, please make sure to read our update on ransomware, and, if you have access to it, our article, published last week for physicians across Canada in the Canadian Healthcare Network.

In the meantime, please take a look at the CCCS standards mentioned above, and also found here. You may want to consider updating or drafting your clinic IT security policies with them in mind.

If you need assistance, contact us.