September 12, 2024

The top 5 cyber threats facing care organisations


In an age where care meets technology, safeguarding sensitive data and securing vital systems has never been more important. The ongoing digitalisation of the adult social care sector is helping to streamline operations and improve service user care, but it’s also presenting opportunities for cyber attacks and data breaches.


For over a decade, the care sector has consistently had the highest global cost of a data breach, totalling $10.93 million in 2023 (IBM Security), and there is no sign of this slowing down. As a result, there are increasing expectations for care providers to demonstrate they have appropriate defences in place to protect their service users, data, and operational continuity.


In this blog, the experts over at Citation dive into the threat landscape and current risks facing care organisations, providing you with practical defence steps for boosting cyber resilience.


You can also chat with staff from Citation at our upcoming Autumn Conference: Cyber Summit on 3rd October.


**************************************************


Understanding the threat landscape for care businesses


The wealth of sensitive information and the potential impacts following a data breach make care organisations prime targets for cyber criminals. The NCSC’s ‘Cyber Security Strategy for Health and Social Care’ reports that phishing, malware, and ransomware are the biggest threats facing care businesses, along with outdated technologies, data misuse, supply-chain attacks, and lack of cyber awareness.


Cyber crime is on the rise, particularly within the care sector. In fact, there were 2.39 million instances of cyber crime in 2023 and reports reveal that 52% of health and social care businesses were hit by cyber attacks. An incident could lead to the loss of sensitive data, company downtime, non-compliance fines, and reputational damage. It’s never been more crucial to implement robust defences to protect your business.


Common cyber risks in the care sector


Phishing


The most common cyber attack vector, phishing is a social engineering tactic used to deceive individuals into providing sensitive information or access to a device/account. Phishing is typically conducted via electronic communications (e.g., email, SMS, phone calls, and social media messages) and is designed to provoke a sense of fear and urgency in the recipient, causing them to act quickly without questioning its nature or legitimacy.


Training your workforce to identify and handle phishing communications correctly can significantly reduce your risk of a breach. Improve employee vigilance with up-to-date e-Learning and phishing simulations, and couple this with firewalls, email filtering, and strict configurations.


Ransomware


Ransomware is a type of malicious software that prevents the use of a system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid. There are various ways cyber criminals could infiltrate your business, some of the most common being:-


  • Embedding malicious links and attachments into emails.
  • A user visiting a compromised website, also known as a drive-by download.
  • Infected portable hardware including USB sticks.
  • Open RDP ports.


To reduce the risk of ransomware, and to minimise the fallout in the event of a successful attack, regularly back up your data and store the backups on a server that isn’t attached to the same network. Equip your people with the knowledge and skills to recognise and respond to potential threats, and create a robust incident response plan that maintains operational continuity.


Insider threats


Insider threats involve malicious or negligent actions of employees, contractors, or other trusted individuals within your organisation. These threats can include intentional data theft, accidental data breaches, or sabotage.


A lack of awareness of cyber security best practices can leave your workforce easily manipulated by attack attempts, or even cause a data breach. As a care organisation, you’ll store extremely sensitive information, and your team needs to understand their roles and responsibilities in handling it correctly and ensuring it remains protected in line with the GDPR. Implement policies and procedures for data handling and protection, ensure your users only have access to the information and applications they need to perform their job (Principle of Least Privilege), and introduce regular employee training with the latest guidance and best practices.


Supply-chain attacks


Care organisations rely on third-party suppliers for various services, which can introduce additional cyber security risks. Over the past couple of years, there has been a surge in supply-chain attacks with businesses falling victim to data breaches as a result of compromised third-party suppliers.


Cyber criminals are seeing the value in targeting the supply chain, as they essentially get more out of their efforts – by targeting just one business, they can get access to a multitude of data and devices. Of course, outsourcing services is an important part of running a successful care business, so it’s key that you have the right systems in place and implement policies to validate your suppliers’ defences.


Outdated technologies


Outdated technologies and legacy systems are an ongoing battle within the care sector. Legacy systems are a risk to healthcare organisations because they run outdated software and lack updates and bug fixes. This leaves vulnerabilities open to exploitation by cyber criminals, potentially compromising sensitive patient data.

 

The benefits of cyber security


Cyber security defences not only help your care organisation reduce risk and remain compliant, but they can also help strengthen your stakeholder relationships and provide growth opportunities. Implementing a cyber security strategy can help your business:-


  • Boost overall reputation by demonstrating that you take the protection of your vital devices and data seriously.
  • Improve your resilience to the ever-evolving threat landscape by remaining a step ahead of attack tactics and legislation updates.
  • Upskill your workforce and create a healthy cyber security culture amongst your people.
  • Provide you with deeper visibility of your digital environment, allowing you to identify areas for improvement.
  • Open new revenue streams including tendering opportunities.


Want to become a cyber-secure business?


Citation can help you do just that. Not only can they support you with your HR, Health & Safety, and Employment Law needs, but they can help you implement the defences your business needs in order to remain protected, resilient, and compliant.


Speak to a member of their team today on 0345 844 1111 or click here to discover how you can get started. Remember to quote ‘WMCA’ when enquiring to access your preferential rates.


