The company
Crossroads Children’s Mental Health Centre (CCMHC), a not-for-profit organization, provides Ottawa children under the age of twelve and their families a range of mental health services and support in the home, schools, and community.
Lynn LaHam, CPA and CGA, joined CCMHC in 2006 as Director of Finance and explains the organization’s unique mission and success.
“We are a leader in our province and in our country and that’s due to our child-centered, family-focused approach and our strong belief in early intervention. We continue to be on the leading edge in new services and treatments, research, and partnerships that will help make an impact in children’s mental health,” she says.
The challenge
While Lynn’s primary role is ensuring CCMHC remains financially viable, she also manages all IT and security for the organization.
With 30 years of experience in financial management, mostly in technology and the for-profit sector, Lynn has also worn an IT hat for many of those years. This background has prepared her for today’s challenges, including a fast-changing threat landscape, increased data protection regulations from the Health Insurance Portability and Accountability Act (HIPAA) and the Personal Health Information Protection Act (PHIPA), and an employee and client base of digitally-connected users.
“As a healthcare organization, we are held to a much higher standard for cybersecurity and data protection because of the confidential client data we manage. But the reality is for a not-for-profit of our size and the changing role of IT, we wouldn’t be able to keep pace with the continual training and expertise needed for a dedicated IT position so we depend on external support from IT service providers.”
The solution
For Lynn, the unknown is probably one of her biggest security concerns. And this rang clear one year ago when CCMHC became victim of a ransomware attack.
“Someone had gained access to our network, took data and asked for bitcoin in exchange for it back,” she explains. “The ransomware attack was a wake-up call. Prior to this, we had always accepted things at face value and we were not aware of the risks that could be targeting our organization and network. After the attack, we literally found holes in our system that we didn’t know we had.”
Fortunately, Lynn had started moving CCMHC’s operations to the cloud a few years ago so client and other confidential data was untouched by the attack. “The stolen data was mostly older documents that we had not prioritized to move to the cloud yet,” adds Lynn.
Lynn took immediate steps to find out how the attack happened, remediate the damage, and put proactive measures in place.
She contacted Field Effect, a global provider of a managed detection and response (MDR) solution and incident response (IR) services “Within 24 hours, the Field Effect team had put its Field Effect MDR monitoring appliance on our network, and not only determined the cause of the attack but thoroughly evaluated our network health to identify any other vulnerabilities or potential risks,” says Lynn.
Field Effect’s forensics and analysis revealed that the attacker was able to access passwords shared online through CCMHC’s internal network. “We were able to identify that our password security was the major factor,” says Lynn. “It was amazing to see the level of detail from Field Effect’s services. We never had exposure to something like network forensics or threat monitoring.”
The results
After the attack, there were a lot of learnings, significant improvements, and new advantages.
She shares, “it was a very educational experience for us. You hear news of cyberattacks but you never think it will happen to you. It wasn’t until something went wrong that we found out how many holes we had.
Lynn estimates that CCMHC’s threat detection and protection have improved 100% from one year ago. She attributes this to Field Effect MDR’s real-time threat monitoring, vulnerability discovery, and analysis across CCMHC’s entire IT environment.
In contrast to other MDR solutions, Field Effect MDR consolidates security events into actionable alerts—a proprietary alert and reporting process called Actions, Recommendations, and Observations (AROs). AROs provide clear, practical information with specific remediation steps.
According to Lynn, AROs not only provide visibility to threats, but deliver the guidance needed to eliminate risks.
User education has also increased by at least 95% and security has improved for more than 2,000 clients and guests that visit CCMHC each year for our walk-in clinics, to attend meetings or events, or use CCMHC WiFi.
