The Customer

As Canada’s largest hospital-based, health  research organization, University Health Network  (UHN) in Toronto, Ontario, has become a national  leader in developing research around cardiology,  transplantation, neurosciences, oncology, surgical  innovation, infectious diseases, genomic medicine and  rehabilitation medicine.

Comprised of several sites—Toronto General and  Toronto Western hospitals, the Princess Margaret  Cancer Centre, Toronto Rehabilitation Institute and  The Michener Institute of Education—UHN is gathering  substantial amounts of patient health information daily  across its entire network resulting in large repositories  of sensitive data.

The Challenge

 Cyber security incidences are never good for business, and when it comes to sensitive health information, data breaches of any kind can be especially perilous. UHN had an in-house security operation centre but finding staff to run it 24 hours a day as needed was proving difficult and resulting in a high staff turnover rate. Plus, a variety of commercial solutions used in daily operations required costly maintenance—a real deterrent for a public sector entity facing constant budget constraints.

UHN needed to find a partner who could not only provide an economical solution to safeguard all this sensitive data across multiple networks but also be able to respond to security breaches around the clock to quickly mitigate their severity. “We collect a lot of information in giving care to our patients that we need to protect as hackers are always looking to leverage that data for identity theft,” says Kashif Parvaiz, chief information security officer at UHN. “As a hospital providing clinical services, it’s also about making sure our systems are still operating regardless of what happens.”

We collect a lot of information in giving care to our patients that we need to protect as hackers are always looking to leverage that data for identity theft. As a hospital providing clinical services, it’s also about making sure our systems are still operating regardless of what happens. – Kashif Parvaiz, Chief Information Security officer, UHN

The Solution

With a proven track record in partnering with large organizations within the healthcare system, Calian already had the expertise to implement a security system that could safeguard vast amounts of sensitive information across multiple locations. Following a rigorous selection process—including reference checks from previous clients—UHN determined that Calian was its best ally in implementing a solution that could work seamlessly and effectively across its multi-site organization.

In starting the onboarding process in January 2023, Calian first tested for already existing vulnerabilities across the client’s networks before moving all of UHN’s assets onto its security event management system. Given that the platform was continuously monitored by the Calian team, UHN could rest assured that security incidences would be captured and dealt with promptly. Calian continues to stay one step ahead of security threats with 24x7x365 support, efficient security management and threat intelligence.

“We’re getting the event logs from the organization’s environment, we’re correlating via a single pane of glass across the system, and we’re quickly responding to any incidences,” says Mohamed Khattab, program manager at Calian. “It’s us actually getting into their environment, containing the breached asset (or shutting it down), investigating, and working hand in hand with the client on next steps.”

Something as simple as someone trying to log in multiple times into the system will generate an alert to Calian’s platform, says Khattab. “It could be a breach, or it could be someone just knocking on the door,” he says. “They can’t get into the network but we know they are there.”

Calian provides a monthly comprehensive executive report, which is reviewed by a dedicated technical account manager (TAM). This facilitates data-driven discussions in three areas: technical, strategy, and service improvement. UHN is able to drill into this information to review each individual site log details with portal access to Calian’s proprietary C360 platform.

The Results

In partnering with Calian, UHN has been able to reduce  monthly staff costs associated with running an inhouse security system by 30 to 40 per cent. The staff  remaining can focus on more critical issues while  leaving the round-the-clock monitoring to their solution  provider. 

 “They’re actually more engaged and more likely to stay  with [UHN] because the work is more high-level,” says  Parvaiz.  He says he also appreciated being able to get a report  of incidences, alerts and response times every month  across the network to see how trends are evolving  over time. “That’s a service we didn’t have before and  from my regional perspective, I find it useful to see that  across the organization,” he says.

 With all its entities now using the same solution provider,  vulnerabilities at one site can be quickly mitigated  across UHN, protecting the region at large. “Those in  cybersecurity know that incidences nearly always occur  over the weekend or in the middle of the night, so it has  given us a level of comfort in knowing we have 24-hour  monitoring of our systems,” says Parvaiz.  


Partner with Calian for proactive, round-the-clock cybersecurity solutions—keeping your data secure and your business resilient.

Learn more
This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.