Cybersecurity threats such as cyberattacks, cyberbreaches and cyberlosses are occurring with increasing frequency, and health-care organizations (including midwives and midwifery practice groups) are often targeted. Cyberattacks can have serious consequences, and a good understanding of your cyber and privacy protections can help prevent problems and minimize the consequences of an attack if it does occur.
- Cybersecurity: Guiding Principles and Risk Management Advice. HIROC, Feb 2023.
- Planning for Cyber Security Incidents: A Crisis Communications Guide. HIROC, Jan 2023.
- Webinar: Privacy update for regulated health professionals. Presented by Kate Dewhirst, 2023.
- How to Protect Against Ransomware (PDF, 694 KB). Information and Privacy Commissioner of Ontario, Oct 2022.
- Webinar: Cybersecurity and Privacy Breach workshop for midwife subscribers. Presented by HIROC, June 2022.
Cyberloss in health care can include:
- privacy breaches – when a cybercriminal steals sensitive data
- malware – when a third party maliciously attacks your system, infecting or encrypting your files; often contained within an email attachment
- phishing – when you receive a random fraudulent email that appears legitimate, asking you to log in to an account at the provided link (e.g. to your bank), and then your information is stolen
- ransomware – malware in which a ransom is demanded to regain access to your files
- social engineering fraud – when the cybercriminal learns about you and uses the information to manipulate you (e.g. by sending an email disguised as being from someone you know, requesting your password or banking information)
- exploitation of vulnerabilities – when the cybercriminal figures out the easiest way to break into your system and takes advantage (e.g. antivirus software or patches that have not been updated).
The most common claims among health-care organizations are ransomware and phishing/social engineering, as well as business email compromise.
Beyond cybersecurity, midwives have privacy obligations in the electronic environment under PHIPA.
Cyberattacks can impact midwives by causing privacy breaches, financial loss, reputational risk and the loss of access to laptops, EMR, shared network and files. The cost to repair the issue can be large and might include legal fees, investigation and repair costs and ransom payments as well as time spent troubleshooting, notifying clients and stakeholders and transferring paper charting into the EMR.
Many preventive techniques are accessible to midwives and practice groups; you can find a number of strategies here. It is always important to consider undertaking regular education about the latest risks and ensuring all workers (e.g. midwives, staff, students) are up to date and informed. In addition, ensure your practice has a plan or protocol in place that outlines your security practices, who to call in the event of a suspected threat, and a contingency plan in case you suddenly lose access to your EMR or mobile devices.
If you suspect you have been the victim of a cyberattack, quick action is important! You might choose to call your business insurance provider, your IT service provider or AOM On Call (members only, login required).
For more information
- Tips for Spotting Phishing Emails. HIROC, 2022.
- Risk Reference Sheet: Cyberloss. HIROC, 2020.
- Key Measures for Preventing and Mitigating Cyber Attacks and Ransomware (PDF, 56 KB). HIROC, 2018.
- Cyber Risk Management: A Guide for Healthcare Providers and Administrators. HIROC, 2017.