Marie Stopes CIO Daniela Weber on cybersecurity amid mounting threats

As global CIO at Marie Stopes, Daniela Weber’s remit stretches across the UK business, the global support office and worldwide services for Marie Stopes International, which operates in 37 countries. The practice, which has been around for 40 years, is the largest provider of abortion and contraception services in the world, with more than 25 million people currently using a method of contraception from the charity.

However, despite abortion services being vital for women everywhere in the world, providers like Marie Stopes are facing a critical cultural moment. In the US, states including Alabama, Georgia and Louisiana have passed state legislation proposing extreme restrictions on abortion – imposing zero to six-week limitations. While these are not currently in effect, similar legislation, even if overturned, can lead to local services being defunded and shut down. For example, restrictions introduced by the state of Texas shut down half the state’s abortion providers in 2013, before they were overturned by the Supreme Court in 2016.

These moves have been supported by President Donald Trump, who has introduced strict limitations on funding linked to abortion charities. Do these mounting pressures touch Weber in her day to day role? “It has impacted us in a very visible and practical sense in that we used to get funding from the US Government, which obviously we are not at the moment,” she says. “In terms of what’s going on, we see it, and certainly our service providers see it. It resonates in day to day service provision in that they face more opposition, and we get people wanting to disturb us from the work.

“We see it in political parties in countries trying to pass legislation. We see it in having a lot more scrutiny on what we’re doing and things being questioned.”

Abortion providers in the US have long been gathering places for protesters – necessitating the presence of armed guards at certain clinics – and staff members have suffered extreme violence and even death for their profession. In Weber’s particular area, this violence can take the form of cyber attacks. Her role involves overseeing cybersecurity and protecting against hacking and DDoS attacks, where the target’s website becomes unavailable to its intended users.

Marie Stopes has suffered nothing major thus far – only being subject to phishing and social engineering attacks of the type often levelled against other companies too. However, the threat remains potent and cautionary tales loom large. For example, Whole Woman’s Health, a Texas-based reproductive service provider, was subject to repeated hacking attempts after a company official testified before state legislature.

Between 2013 and 2016, the organisation was subject to a bombardment of cyberattacks – peaking at 500 attempts a day – that succeeded in shutting down the website for extended periods of time. Planned Parenthood, the National Network of Abortion Funds and the Abortion Care Network have also been targeted by cyber attacks, and names and personal information of 300 employees of the former were published online in 2015.

“I think the risk is there and the risk is probably steadily increasing,” says Weber, “so we’re making sure that we are protected as much as we can be.” Although there is nothing that will provide 100% protection against such attacks, ensuring that plans are in place to mitigate damage and guarantee a quick return to normality is tantamount.

In this industry, one of the most common threats is the leaking of the personal information of people who have accessed the services. Weber feels confident in this regard that the personal information of clients is well-protected. “That’s always been a given,” she says. “It’s always been very important to us that we protect that information and that no-one – whether it’s opposition, whether it’s family members – can access the data and know what services a certain person has received from us. There’s always been a lot of focus on that, even in the past, and of course now as well.”

How do they stay on top of the ever-evolving cybersecurity challenge? “It’s really keeping ourselves informed of what’s out there, what the options are and at the same time assessing our risk,” says Weber. “We have an ongoing programme at the moment where we’re looking at what technology we can implement and if our users are educated – because that’s probably a bigger risk sometimes.” This takes into account legislation around data privacy and GDPR. “So it’s really staying on top of the legislation, staying on top of the threats, staying on top of the technology options and turning that into an ongoing programme of work where we keep improving and keep adding new solutions as well.”

But Weber’s responsibilities extend well beyond security. Right now, she is also preoccupied with developing a digital strategy, something she predicts will keep her occupied for the next few years. “There’s a couple of big building blocks involved: one is client management systems – we have a variety of client management systems in different countries and it depends very much on what type of countries they are,” she says. In the UK, they work with the NHS, but in other less developed countries this can be more challenging.

“In our international country operations they usually use simpler systems and we have quite a lot of different stand-alone systems there as well,” she says. “We’re looking at the moment to do a bit of consolidation, a bit of data standardisation, and to put a common precaution layer across all those systems as well.”

The global approach focuses on engaging with clients through call centres and websites that provide information about their services and assist with the referral process. In addition, there are country-specific activities around youth, for example.

Weber says the charity is interested in AI for a number of different reasons. “We collect a lot of data and we’re not using it very efficiently at the moment because we don’t have the systems to inform, for example, where we’re going in terms of service provision – are we reaching out to the right clients, the poorest of young women?”

The aim is to bring an element of prediction into data analysis, but also to automate the triangulation they carry out in association with call centres, which is used to make sure someone has been directed to the appropriate place. “Whether they want advice, whether they want to be pointed to a clinic, whether they are calling in distress, which can happen,” explains Webber.

In the midst of a critical time for abortion in the US and the rest of the world, considering the needs of their service users must remain the top priority. Indeed, Weber says that pushback can have the opposite effect than intended on morale: “We are more and more determined because we believe we are doing the right thing in providing the services we provide, and we’re looking at how can we protect ourselves from being impacted by this opposition.”