LifeLabs - September 2023

Create healthier lives and enable patient data accessibility

Discussing the company’s product strategy and partnerships enabling data security is Mike Melo, VP Shared Service Technologies and CISO at LifeLabs

It was once expected that healthcare professionals were the bearers of all knowledge relating to patient information. But, with an increasing presence of digital technologies in the medical profession, individuals are now able to take this into their own hands and discover more about their own physical wellbeing for the better.

This is the core mission of LifeLabs, Canada’s leading provider of laboratory diagnostic services, which is responsible for crucial patient data pertaining to their health. Responsible for critical stages of the healthcare process, LifeLabs as an organisation is responsible for carrying out important blood and ECG tests for patients across Canada and is an integral stakeholder in their medical journeys and vice versa.

The company is the largest medical diagnostic firm in Canada with operations in Ontario, British Columbia – and in Saskatchewan – providing crucial services to the Canadian population. Having spoken to one of the company’s executives, we learn the relevance of its services in relation to the coronavirus (COVID-19) pandemic as it was instrumental in a number of ways.

“We were on the front lines of COVID-19 testing, supporting our government partners, helping airlines keep flying and even provided testing services to the NHL. Our labs have completed over five million COVID-19 tests. We’re making a significant impact, and we’re proud of it!,” says the company’s VP Technology Shared Service and CIO Mike Melo.

Conversing with Melo to uncover more around cybersecurity, the organisation has undergone a major overhaul with its CISO at the forefront of bringing together its IT and cybersecurity teams to harmonise their approaches. The focus on cybersecurity is a result of LifeLabs offering more and more services to its customers to allow them to take more control over their medical needs.

“We offer digital access to medical health records with better insights into what you can do with your health and really empower users to take this into their own hands and make great choices.

“ONE OF OUR BIGGEST CHALLENGES WAS CREATING A VIRTUAL REMOTE ACCESS ENVIRONMENT FOR OUR STAFF, ESPECIALLY DURING COVID-19”

That’s one of the reasons I came to LifeLabs, as I wanted to be a part of that journey and transform the digital healthcare space,” says Melo.

As the company evolves, more possibilities are opening up for patients, which requires particular attention to securing and protecting their data in the digital realm. As explained by Melo, the organisation is dedicated to providing high-quality healthcare services that come directly to the person. LifeLabs is offering more patient-centric services, much like its MyVisit solution – allowing phlebotomy experts to come directly to them – and also

MIKE MELO

TITLE: VP OF IT SHARED SERVICES AND CISO

COMPANY: LIFELABS

LOCATION: CANADA

Mike Melo is the Vice President of IT Shared Services and Chief Information Security Officer (CISO) at LifeLabs. Melo has truly made an impact with his invaluable contributions and exemplary leadership in senior IT roles. He has demonstrated remarkable expertise and dedication to ensuring the highest information security and technology excellence standards.

Melo was recently recognized as the Member of the Year in the CISO Division by the CIO Association of Canada (CIOCAN) while playing a pivotal role in driving innovation and safeguarding sensitive data. With his extensive knowledge and experience, Melo has elevated the IT landscape at LifeLabs, setting new benchmarks for excellence.

EXECUTIVE BIO

Collaborating with Netskope to secure the modern enterprise

Security must modernize to successfully keep up with cloud transformation and the needs of a hybrid workforce. Netskope sees and understands these changes and works with you to protect people and data anywhere they go.

We’re building a world where Identity belongs to you

Okta is the World’s Identity Company. Our Workforce and Customer Identity Clouds enable secure yet flexible access, authentication, and automation that transforms how people move through the digital world and puts Identity at the heart of business security and growth.

CrowdStrike protects healthcare systems from cyberattacks, so you can focus on delivering quality patient care

CrowdStrike sets the standard for cybersecurity in the cloud era. The CrowdStrike Falcon® platform protects and enables the people, processes and technologies such as LifeLabs and top Fortune 500 organizations that drive modern enterprise, delivering superior protection, better performance, reduced complexity and immediate time-to-value.

LifeLabs and other leading organizations around the globe are rapidly adopting a Secure Access Service Edge (SASE) architecture to safeguard data wherever it moves, support digital transformation efforts, and realize better efficiency and return -on-investment from their technology.

Netskope is already a widely acknowledged expert and innovator in CASB, SWG, ZTNA, Firewall-as-a-Service,

and other components of the Security Service Edge (SSE), which describes the security services needed for a successful SASE architecture. Among more than 2,500 worldwide customers, Netskope today serves more than 25 of the Fortune 100, and 5 of the world’s 7 largest healthcare providers.

As the leading independent Identity partner, we free everyone to safely use any technology anywhere, on any device or app.

The most trusted brands trust Okta to enable secure access, authentication, and automation. With flexibility and neutrality at the core of our Okta Workforce

Identity and Customer Identity

Clouds, business leaders and developers can focus on innovation and accelerate digital transformation, thanks to customizable solutions and more than 7,000 pre-built integrations.

CrowdStrike a global cybersecurity leader, has redefined modern security with the world’s most advanced cloud-native platform for protecting critical areas of enterprise risk – endpoints and cloud workloads, identity and data.

Powered by the CrowdStrike Security Cloud and world-class AI, the CrowdStrike Falcon® platform leverages real-time indicators of attack, threat intelligence, evolving adversary tradecraft and enriched telemetry from across the enterprise to deliver hyperaccurate detections, automated protection

and remediation, elite threat hunting and prioritized observability of vulnerabilities.

CrowdStrike secures the most critical areas of enterprise risk — endpoints and cloud workloads, identity and data — to keep organizations ahead of today’s adversaries and stop breaches.

CROWDSTRIKE: WE STOP BREACHES

offering ECG monitoring. Not only will this empower patients, but provide simpler, faster, and more flexible access to healthcare services.

“There’s been a lot of evolution over the five years I’ve been with LifeLabs. I would say the company has really focused on becoming customer-centric and how to make it easier for a customer to get access to, one, the services that they need, and two, their health care information,” says Melo.

During COVID-19, the company had to undergo a rapid transition to more data driven, digital healthcare, which is a response that is likely to allow better support as well as prevention of critical conditions in the future. However, in doing so the team recognised the need for a robust cybersecurity approach to ensure that patient data remains secure for all.

Why is cybersecurity so crucial in the healthcare sector?

Following the journey of LifeLabs really highlights the significance of cyber as a construct in the medical industry. Upon joining the team, the team experienced an attack on its system, provoking the need for a dedicated CISO. These types of attacks come in abundance across the sector.

“LifeLabs focused heavily on rebuilding stakeholder trust after the event. We embarked on this new transformation to not only ensure we were appropriately managing PHI and evolving the ways we managed and secured patient health information, but also looking at how to innovate in the cybersecurity space,” says Melo.

The key aim here, as also mentioned by the CISO, is to become a true leader of Canada’s healthcare sector with zero-trust protocols embedded into everything it does.

“I think we’ve done that over the past four years, since I began leading the charge in cybersecurity,” he says. “We have evolved. We enhanced rigorous governance surrounding the security culture within the organisation. And it’s not just within the security practice, it brings accountability and responsibility to all of our users.”

As the old cliche goes, “teamwork makes the dream work”

Much of this exercise involves team building, which is where Melo’s role really takes shape with backing from the company’s President and CEO, Charles Brown. Aligning being a key theme for the organisation, Melo was responsible for developing an approach to team building that allowed both the cyber operations and the IT teams to collaborate as one. This involved first understanding both sides of the coin and then determining a process that meets the needs of both.

So with teams aligned and data now a critical component of healthcare cybersecurity operations, where is it secured?

The LifeLabs approach – enforced by Melo and team – is a cloud-based one, which seems to be a no-brainer for the company.

As alluded to, cloud creates a simpler, more flexible environment for secure data actions with many of the most recent cybersecurity developed in line with cloud services. When providing this insight, Melo explains that organisations should not simply jump into the cloud environment without careful research and a supportive approach.

“There’s definitely some pros and cons that need to be weighed up when you’re looking

at what type of workloads you’ll be moving to the cloud, and equally important, how you’re going to secure them,” says Melo.

Cloud and on-prem infrastructures are very different in nature. It’s not a lift and shift model, especially from a cybersecurity perspective. You need a purpose-built programme, standards, and structure when operating in the cloud.”

Melo also notes that if cybersecurity was not a critical conversation today, the results of inactivity may have seen LifeLabs in a different position from a commercial perspective.

Interception of cyber breaches is a crucial act of social demand, but also a key part of sustaining growth for the business.

Working with its partners in cybersecurity, such as Okta and CrowdStrike, the company has the support of these leading firms to drive the company forward in its cloud journey; enabling LifeLabs to identify the most imminent threats and defend its accounts.

“I’m proud of the partnership ecosystem that we’ve built at LifeLabs. It’s really helping us define success and what healthcare cybersecurity can look like,” says Melo.

“We leverage various technology organisations, but there are a few that become true partners in our journey in our cybersecurity initiatives. Some of those partners, such as Netskope, CrowdStrike and Okta, have really allowed us to provide better access for our employees, our customers, and ensure that their information is secure as we transform our organisation to a cloud-focused infrastructure and delivery model.

“These are very prominent leaders in their own regard, and they're very cloud focused. They help us in our cloud journey initiative

and, at the end of the day, they provide some of the fulcrum pieces of our security technology stack. They're the ones who are helping us identify threats, defend our account access, ensure that we are, you know, managing and governing various access to all of these new incredible products.”

One of its crucial partners, Netskope, was brought on board to help govern access to software-as-a-service (SaaS) products used by the company. The team works closely with Netskope to reduce the threat landscape surrounding edge applications.

“We’ve done a lot of work with Netskope to govern access to SaaS products; being able to ultimately undergo decryption at scale to gain proper visibility of what’s egressing our environment; understanding what threats are out there, because now we have the visibility to see them and analyse them,” Melo says.

“One of our biggest challenges was creating a virtual remote access environment for our staff, especially during COVID-19. There was a massive demand for remote access to most organisations and traditional VPN models just weren’t able to keep up. They weren’t built with the bandwidth requirements and capacity in mind.”

Netskope is a critical partner for enabling LifeLabs’ zero-trust approach and provides the company with low-latency and secure connected services, which is aligned with the overall goal of stable data sharing.

“Stability is critical for our success as we are a hybrid organisation and we’re able to have security policies that essentially follow the user and not the traditional means of following a corporate asset,” Melo explains.

“I think that our journey with Netskope has been one of our greatest successes and our ability to adapt and evolve over the past four years, our cloud journey and also our hybrid remote work journey.”

The future of the company is secure and over the foreseeable months cloud and cybersecurity will be the main focus points for the business. Melo and his team are also embracing the impending integration of AI in its processes and leveraging tools like ChatGPT in more mainstream applications.

LifeLabs

100 International Blvd

Toronto Ontario Canada M92 6J6

T 416-675-4530

lifelabs.com

POWERED BY: