Cybersecurity

Cybersecurity threats such as cyberattacks, cyberbreaches and cyberlosses are occurring with increasing frequency and health-care organizations (including midwives and midwifery practice groups) are often targeted. Cyberattacks can have serious consequences, and a good understanding of your cyber and privacy protections can help prevent problems and minimize the consequences of an attack if it does occur.

Cyberloss in health care can include:

• privacy breaches – when a cybercriminal steals sensitive data

• malware – when a third party maliciously attacks your system, infecting or encrypting your files; often contained within an email attachment

• phishing – when you receive a random fraudulent email that appears legitimate, asking you to login to an account at the provided link (e.g. to your bank), and then your information is stolen

• ransomware – malware in which a ransom is demanded to regain access to your files

• social engineering fraud – when the cybercriminal learns about you and uses the information to manipulate you (e.g. by sending an email disguised as being from someone you know, requesting your password or banking information)

• exploitation of vulnerabilities – when the cybercriminal figures out the easiest way to break into your system and takes advantage (e.g. virus software or patches not updated).

The most common claims among health-care organizations are ransomware and phishing/social engineering, as well as business email compromise.  Cyberattacks can impact midwives by causing privacy breaches, financial loss, reputational risk and the loss of access to laptops, EMR, shared network and files. The cost to repair the issue can be large and might include legal fees, investigation and repair costs and ransom payments as well as time spent troubleshooting, notifying clients and stakeholders and transferring paper charting into the EMR.

Beyond cybersecurity, midwives have privacy obligations in the electronic environment under PHIPA.

Strategies For Prevention

There are many strategies to consider to protect your practice, clients and colleagues.  Consider these first steps:

• Take a cyber and privacy training such as Shield Cybersecurity and Privacy Self Learning Program - register here for free access for members; 
• Confirm that your practice has cyber insurance as part of your business insurance policy;
• Identify a cyber lead at your practice;
• Update your phones and computers when prompted;
• Update your passwords;
• Review your electronic privacy responsibilities;
• Watch for a template cyber resource, coming soon!

In the Event of an Attack

If you suspect you have been the victim of a cyberattack, quick action is important! You might choose to call your business insurance provider, your IT service provider or AOM On Call (members only, login required). 

Key Resources

• Cybersecurity: Guiding Principles and Risk Management Advice. HIROC, Feb 2023.
• Planning for Cyber Security Incidents: A Crisis Communications Guide. HIROC, Jan 2023.
• Webinar: Privacy update for regulated health professionals. Presented by Kate Dewhirst, 2023.
• How to Protect Against Ransomware (PDF, 694 KB). Information and Privacy Commissioner of Ontario, Oct 2022.
• Webinar: Cybersecurity and Privacy Breach workshop for midwife subscribers. Presented by HIROC, June 2022.

For more information

• Tips for Spotting Phishing Emails. HIROC, 2022. 
• Risk Reference Sheet: Cyberloss. HIROC, 2020.
• Key Measures for Preventing and Mitigating Cyber Attacks and Ransomware (PDF, 56 KB). HIROC, 2018.
• Cyber Risk Management: A Guide for Healthcare Providers and Administrators. HIROC, 2017.

Links:

• AOM’s Cyber Insurance page.
• Government of Canada: Get Cyber Safe.
• Cyber Security Ontario.