A person works on laptop to improve cyber security measures

Protecting your home care organisation from cyber attacks

As we move closer to a more connected future, technology is fast becoming a crucial part of the planning and delivery of health and social care – enabling faster information sharing and ensuring that care is more person-centred than ever before. 

And while digitisation has brought countless benefits to care planning with features like electronic medication administration (eMAR) and digital record-keeping – it’s never been more important to keep up to date with improving cyber security measures to keep sensitive information safe and secure.

Care providers hold a huge range of data from the people they support, and there are several risks to data security that staff should be aware of.

What is a cyber attack?

The NCSC defines a cyber incident as a breach of a system’s security policy in order to affect its integrity or availability and/or the unauthorised access or attempted access to a system or systems; in line with the Computer Misuse Act (1990).

In general, types of activity that are commonly recognised as being breaches of a typical security policy are:

  1. Attempts to gain unauthorised access to a system and/or to data.
  2. The unauthorised use of systems for the processing or storing of data.
  3. Changes to a systems firmware, software or hardware without the system owners consent.
  4. Malicious disruption and/or denial of service.

Why is a cyber-attack particularly dangerous for a care provider?

Primarily, cyber-attacks cause huge amounts of disruption to those targeted. For a care provider, this could involve employee rosters being deleted, digital records being stolen, passwords being changed and financial details being stolen – which can cause significant disruption across operations and service delivery. And not only can this result in financial damages, but could potentially harm those receiving and relying on care. 

How to reduce the risk of a cyber attack and improve cyber security

  1. Be careful with your email: learn how to spot fake and phishing emails
  2. Use strong passwords
  3. Install the latest software updates – they will contain vital security updates
  4. Install the latest antivirus software
  5. Protect mobile devices and tablets – and consider personal devices used for work purposes
  6. Back up your data so you can continue to access it
  7. Train staff to be cyber aware especially from phishing scams – don’t underestimate human error
  8. Check if your insurance policy covers a cyber breach
  9. Consider getting a Cyber Essentials certification

What to do in the event of a cyber attack

  • Report the attack to Action Fraud either via their website or by calling 0300 123 2040.
  • If you need advice and support you can also report this to the National Cyber Security Centre. They have also produced a list of things to do immediately if your computer is infected.
  • If the information affected includes personal information, e.g. details about staff or service users, then you might need to report this breach to the Information Commissioner’s Office.
  • If your organisation completes the Data Security and Protection Toolkit, you can report incidents within the Toolkit and it will help you decide if you need to report the cyberattack to the Information Commissioner.

Now that you are aware of the threat of cyber attacks, do you need to activate any of the suggestions above to start improving cyber security in your business? A good first step would be to complete the Data Security and Protection Toolkit – an annual self-assessment of your arrangements and make a plan of action to make your business cyber secure.