Cybersecurity threats such as cyberattacks, cyberbreaches and cyberlosses are occurring with increasing frequency and health-care organizations (including midwives and midwifery practice groups) are often targeted. Cyberattacks can have serious consequences, and a good understanding of your cyber and privacy protections can help prevent problems and minimize the consequences of an attack if it does occur.

Cyberloss in health care can include:

  • privacy breaches – when a cybercriminal steals sensitive data

  • malware – when a third party maliciously attacks your system, infecting or encrypting your files; often contained within an email attachment

  • phishing – when you receive a random fraudulent email that appears legitimate, asking you to login to an account at the provided link (e.g. to your bank), and then your information is stolen

  • ransomware – malware in which a ransom is demanded to regain access to your files

  • social engineering fraud – when the cybercriminal learns about you and uses the information to manipulate you (e.g. by sending an email disguised as being from someone you know, requesting your password or banking information)

  • exploitation of vulnerabilities – when the cybercriminal figures out the easiest way to break into your system and takes advantage (e.g. virus software or patches not updated).

The most common claims among health-care organizations are ransomware and phishing/social engineering, as well as business email compromise.  Cyberattacks can impact midwives by causing privacy breaches, financial loss, reputational risk and the loss of access to laptops, EMR, shared network and files. The cost to repair the issue can be large and might include legal fees, investigation and repair costs and ransom payments as well as time spent troubleshooting, notifying clients and stakeholders and transferring paper charting into the EMR.

Beyond cybersecurity, midwives have privacy obligations in the electronic environment under PHIPA.

Strategies For Prevention

There are many strategies to consider to protect your practice, clients and colleagues.  Consider these first steps:

In the Event of an Attack

If you suspect you have been the victim of a cyberattack, quick action is important! You might choose to call your business insurance provider, your IT service provider or AOM On Call (members only, login required). 

Key Resources

For more information