Protecting your clinic from common cybersecurity risks

Losing access to your clinical systems can significantly delay or even halt your clinic’s ability to operate. Understanding and recognizing the most common cybersecurity threats is critical to reducing the risk of a security breach. This page describes common security risks, how your clinic can reduce the risk of personal health information falling into the wrong hands, and how to prevent the computer systems in your clinic from becoming inaccessible.

What is phishing?

Phishing is the act of tricking a person into revealing sensitive information, such as passwords or unique identifiers (e.g., a Personal Health Number, or PHN), by pretending to be a legitimate institution such as a bank, retail business or support centre. It is the most common method criminals use to initiate a cyberattack, which can result in losing access to your systems or having data stolen. Phishing attempts can arrive by email, phone, or text.

What could a phishing attempt look like?

Phishing attacks have historically shared common characteristics such as poor spelling and grammar, a tone of urgency, or an appeal to guilt or sympathy. While phishes often still have these characteristics, modern attempts are increasingly elaborate and may appear to come from familiar contacts. Phishers will ask you to take an action, most often to click a link or open a file. This is how malicious software, or malware, gets onto your network. Phishers may also ask you to provide a phone number so that a fake call centre can then collect personal information. Remember that legitimate organizations will never ask you for passwords or codes. In health care, you may see phishes that appear to be:

  • Requests from a patient to look at a photo or medical record, or sign a form.
  • A denied or problematic payment, or a request to visit a link or open a file to check information.
  • A referral from a professional contact asking you to look at a chart, photo, or document.

How can I spot an email phishing attempt?

Ask yourself the following three questions when you’re unsure if an email is legitimate:

  1. Do I know the person or company contacting me? No --> Increased likelihood of phishing. Use caution.
  2. Am I being asked to open a link or file? Yes --> Increased likelihood of phishing. Use caution.
  3. Is there a tone of urgency or a critical problem that I'm being asked to correct? Yes --> Increased likelihood of phishing. Use caution.

Ways to reduce risk

I deal with a lot of files and new patients. What are some simple ways I can reduce risk?

  • If you allow patients to email you, set expectations for how they are to communicate with your clinic. Advise them not to send files and photos unless asked and inform them that you will not be opening unsolicited links or files that they send. Our sample communication templates help with setting expectations with patients.
  • Use an antivirus program that includes phishing protections, like email attachment scanning or phishing link detection. There are many reasonably priced options. You can discuss different options on the market with DTO.
  • Hover over any links provided—without clicking—to see where they will take you. If the link’s destination differs from what the email text suggests, treat that as a warning sign and use caution.
  • Do a phishing simulation together with your clinic staff to learn the details of how attackers try to trick you. There are both free and paid options available.
  • Look at the DISPLAY NAME and the ADDRESS AND DOMAIN NAME of the sender. Refer to the example below for more information.

Display name vs. domain name

An email address has two main components that provide information on who the sender is. Users can set their own DISPLAY NAME, but the ADDRESS AND DOMAIN NAME show the true online identity of the person who is contacting you. If these don’t match previous correspondence with the contact, or the message is from a peculiar and unfamiliar domain, it’s a good indication of a phishing attempt.

Example: Who is actually sending the email?

Above are two possible examples of DISPLAY NAME and ADDRESS AND DOMAIN NAME for a familiar contact, Doctors Technology Office. These two pieces of information will appear in the “from” field in your email. How can you know which one is legitimate?

  1. Check for previous emails sent to or received from Doctors Technology Office. The email address should be the same as the one you have on file, and any others should be treated with suspicion.
  2. Doctors Technology Office is part of Doctors of BC, a professional organization, and is likely to have its own domain. Think of the domain as an address used by others on the internet to find you. Mail may be delivered there, or your website may be hosted there. In this case, the domain is “”. Large corporate and professional institutions are more likely to own their own domain, while small businesses and individuals are more likely to be using free, hosted email services such as Gmail, iCloud, Yahoo, TELUS, Shaw, or Hotmail.
  3. When we look at the ADDRESS AND DOMAIN NAME above, we see that although both are showing a DISPLAY NAME of DTO Info, one is actually coming from
  4. The best way to verify is to contact the sender through another channel. If someone claiming to be DTO contacted you, you could find the phone number on the DTO webpage and call to confirm whether someone there was actually trying to reach you.
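As an added example, not part of this page or of DTO’s own tools, the two checks described above, reading the ADDRESS AND DOMAIN NAME behind a DISPLAY NAME and hovering to see where a link really goes, can be automated in a small Python script that a clinic’s IT professional might run over incoming mail. The contact list, addresses and message fragments are all constructed samples; the script only catches the simple cases this page describes, and verifying through another channel remains the reliable check.

```python
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample address book: the address previously used by each
# familiar contact, mapped to the DISPLAY NAME that contact normally shows.
KNOWN_CONTACTS = {"info@example-dto.org": "DTO Info"}

def sender_flags(from_header):
    """Return the reasons a From: header looks suspicious (empty if none)."""
    name, addr = parseaddr(from_header)
    addr, flags = addr.lower(), []
    domain = addr.rpartition("@")[2]
    if addr in KNOWN_CONTACTS:  # same ADDRESS AND DOMAIN NAME as on file
        return flags
    if name in KNOWN_CONTACTS.values():  # familiar name, unfamiliar address
        flags.append(f"display name '{name}' used with unknown address {addr}")
    if domain not in {a.rpartition("@")[2] for a in KNOWN_CONTACTS}:
        flags.append(f"unfamiliar domain {domain}")
    return flags

class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in a body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def link_flags(html_body):
    """The 'hover before you click' check: flag links whose visible text names
    a different host than the href really targets (text must look like a URL)."""
    collector, flags = _LinkCollector(), []
    collector.feed(html_body)
    for href, text in collector.links:
        real = urlparse(href).hostname or ""
        if "." not in text or " " in text or not real:
            continue
        shown = urlparse(text if "://" in text else "http://" + text).hostname
        if shown and shown != real:
            flags.append(f"link text shows {shown} but goes to {real}")
    return flags
```

A message that passes both checks can still be a phish sent from a compromised familiar account, which is why step 4 above, calling a number you already have on file, is the final word.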


Ransomware is a form of malicious software, or malware, that is commonly used by modern cybercriminals. In a ransomware attack, files and systems are encrypted by a criminal who has gained access to your network, making them inaccessible to you. The criminal then demands payment to unlock your data or threatens to publish it on the internet.

How do ransomware attacks happen?

Modern software and devices have many safeguards in place by default to prevent attackers from accessing them from outside your network. To carry out an attack, criminals must gain access to your network. There are several methods by which this can occur, but the most common method is through phishing (see above). Other methods, such as the exploitation of known software vulnerabilities, are also common.

How do I know if I'm a ransomware victim?

If you suddenly lose access to your clinic network or computers, your files are unexpectedly encrypted, or you receive a note demanding payment, then you might be the victim of a ransomware attack.

How can I be prepared to deal with an attack?

Be familiar with the four key steps in responding to a breach and have a breach response plan in place at your clinic before a breach happens. You can find more information on how to respond to a breach in the Privacy toolkit.

How can I get my clinic back online?

Nearly all EMRs in BC are cloud-based. This means that your clinic applications and data are likely accessible from other locations and devices in addition to your clinic. Your IT professional can provide information on how to continue to operate by accessing your cloud-based applications from a separate computer or network. If your clinic has a breach response plan in place, you can also refer to the contingency planning resources to help get your clinic back online.


The Canadian Medical Protective Association (CMPA) is generally available to assist physicians with the medico-legal implications of breaches of patient information, including cybersecurity events.

Matters concerning the business of medicine, such as payment of ransomware demands, restoration of data, privacy breach notification to patients, forensic investigation or hardware replacement, are not in the scope of CMPA services, highlighting a potential role for cyberinsurance.

Physicians who are interested in evaluating whether cyberinsurance is right for them can contact the Doctors of BC’s insurance team to learn more about insurance offerings exclusively available to physicians.