Cybersecurity

Keeping information safe online and using technology to build a thriving practice

Cybercrime is evolving quickly and affects many areas of our daily interactions. Cyberattacks continue to grow and put everyone at higher risk, which requires us to become more vigilant and familiar with IT security. 

Most cybercrime events rely on deceiving a person before hacking a computer system. Applying basic cyber hygiene can prevent most cyber events and help you safeguard yourself.

Ways to protect yourself, your patients and your practice

  • Elevate staff awareness about the risk of receiving potential threats and malware-laden phishing emails
  • Keep all system firmware and applications up to date with the latest patches, including devices that connect to the Internet (for example, medical and/or monitoring devices), operating systems, applications, browsers, plug-ins, and anti-virus tools
  • Ask your IT/EMR support to increase network monitoring for unusual network traffic or activity, especially around account and login management systems
  • Identify all internal and third-party mission-critical clinical and operational services with critical data, such as EMR/EHR, IT services, booking systems, email and communication, and accounting systems
  • Limit access to critical systems and data to administrators, not regular staff
  • Make sure back-ups are scheduled with appropriate frequency, and that the back-ups are tested regularly for consistency
  • Test your disaster recovery and business continuity plans along with your emergency communications and escalation contact lists
  • Review your cybersecurity insurance limits, and ensure your policy covers cyber warfare. OMA Insurance provides cyber liability insurance that is affordable and easy to add on to your existing OMA Insurance policies

Beware

Cybercriminals use high-profile news like the situation in Ukraine to catch the attention and manipulate the emotions of their targets. As the situation evolves, cybercriminals are expected to reference various events in their phishing attacks and social media disinformation campaigns. Watch out for disinformation and attacks via emails, text messages and social media posts.

  • Be suspicious of emails, texts, and social media posts that contain shocking developments to the story. This could be false information designed to intentionally mislead you — a tactic known as disinformation
  • Cyberattacks are designed to catch you off guard and trigger you to click impulsively. No matter how shocking the news is, always think before you click
  • Never click a link in an email, SMS, or social media post that you were not expecting. If you are not sure, contact the sender by phone or other channels to confirm the legitimacy of the message
  • Use multi-factor authentication on all your accounts whenever possible
  • If multi-factor authentication is not available, then ensure you’ve set up a strong, long alphanumeric passphrase as each of your passwords and change them regularly (every 90 days)

If you suspect your personal information may have been compromised or you have been targeted online, these are some guidelines you can follow. Keep records of all the steps you’ve taken to report the incident and re-establish your credit.

Who to call

If you think you have been targeted online, please contact one or more of these organizations:

  • Local police or the RCMP (they will provide you with a report number for reference)
  • Your bank and your credit card issuer (they will ask you for the number on the back of your card)
  • Canada’s main credit reporting agencies to put a fraud alert on your credit report
  • Service Canada at 1-800-O-Canada if your federally issued ID was compromised

You can also contact your IT administrator for advice and containment actions.

File a report

If you have received a phishing attempt, or suspect that you may be a target of a scam or fraud, report it to the Canadian Anti-Fraud Centre by phone at 1-888-495-8501 or through the Fraud Reporting Centre.

You can also report phishing to the institution that it appears to be from. For example, if someone posed as a representative from your bank, you would call your bank to let them know that this happened.

Report an urgent cyber incident to the Canadian Centre for Cyber Security at contact@cyber.gc.ca or call toll-free at 1-833-CYBER-88 (1-833-292-3788).

Report privacy incidents or breaches at your organization to the Office of the Privacy Commissioner of Canada.

Unsure how to react to an aggressive comment online? Wondering how to protect your profile from unwanted visitors? While the OMA strongly condemns any threats, bullying or violence toward physicians, it’s important to understand the best way to respond to these messages. The OMA has compiled a step-by-step guide of measures you can implement to protect yourself and prevent further encounters. 

Further questions? Email the OMA for more information about cybersecurity or technology, or check out these other related pages:

Additional products and services available for members

OMA members get access to exclusive savings from our partners. Explore these relevant resources, products and services.

OMD privacy and security training

OMD offers two comprehensive privacy and security training modules to help you protect your patient and practice data.

OMD Advisory Service

The OMD Advisory Service team supports clinicians to maximize the value from their EMRs and other practice technologies.

OMD online appointment webinar

Learn how to enhance your understanding, deployment and use of an online booking system.