12 September 2024

The top 5 cyber threats facing care organisations


In an age where care meets technology, safeguarding sensitive data and securing vital systems has never been more important. The ongoing digitalisation of the adult social care sector is helping to streamline operations and improve service user care, but it’s also presenting opportunities for cyber attacks and data breaches.


Consistently, for over a decade, the care sector has the highest global cost of a data breach, totalling $10.93 million in 2023 (IBM Security), and there is no sign of this slowing down. As a result, there are increasing expectations for care providers to demonstrate they have appropriate defences in place to protect their service users, data, and operational continuity.


In this blog, the experts over at Citation dive into the threat landscape and current risks facing care organisations, providing you with practical defence steps for boosting cyber resilience.


You can also chat with staff from Citation at our upcoming Autumn Conference: Cyber Summit on 3rd October.


**************************************************


Understanding the threat landscape for care businesses


The wealth of sensitive information and the potential impacts following a data breach makes care organisations prime targets for cyber criminals. The NCSC’s ‘Cyber Security Strategy for Health and Social Care’ reports that phishing, malware, and ransomware are the biggest threats facing care businesses, along with outdated technologies, data misuse, supply-chain attacks, and lack of cyber awareness.


Cyber crime is on the rise, particularly within the care sector. In fact, there were 2.39 million instances of cyber crime in 2023 and reports reveal that 52% of health and social care businesses were hit by cyber attacks. An incident could lead to the loss of sensitive data, company downtime, incompliance fines, and reputational damage. It’s never been more crucial to implement robust defences to protect your business.


Common cyber risks in the care sector


Phishing


The most common cyber attack vector, phishing is a social engineering tactic used to deceive individuals into providing sensitive information or access to a device/account. Phishing is typically conducted via electronic communications (e.g., email, SMS, phone calls, and social media messages) and is designed to provoke a sense of fear and urgency in the recipient, causing them to act quickly without questioning its nature or legitimacy.


Training your workforce to identify and handle phishing communications correctly can significantly reduce your risk of a breach. Improve employee vigilance with up-to-date e-Learning and phishing simulations, and couple this with firewalls, email filtering, and strict configurations.


Ransomware


A type of malicious software that prevents the use of a system, either by locking the system’s screen or by locking the user’s files unless a ransom is paid. There are various ways cyber criminals could infiltrate your business, some of the most common being:-


  • Embedding malicious links and attachments into emails.
  • A user visiting a compromised website, also known as drive-by-downloads.
  •  Infected portable hardware including USB sticks.
  • Open RDP ports.


To reduce the risk of ransomware, and to minimise the fallout in the event of a successful attack, regularly back up your data and store these on a server that isn’t attached to the same network. Equip your people with the knowledge and skills to recognise and respond to potential threats and create a robust incident response plan that maintains operational continuity.


Insider threats


Insider threats involve malicious or negligent actions of employees, contractors, or other trusted individuals within your organisation. These threats can include intentional data theft, accidental data breaches, or sabotage.


Lack of awareness with cyber security best practices can lead to your workforce being easily manipulated by attack attempts or even cause a data breach. As a care organisation, you’ll store extremely sensitive information and your team needs to understand their roles and responsibilities with handling this correctly, and ensuring it remains protected in line with the GDPR. Implement policies and procedures with regards to data handling and protection, ensure your users only have access to the information and applications they need to perform their job (Principle of the Least Privilege), and introduce regular employee training with the latest guidance and best practices.


Supply-chain attacks


Care organisations rely on third-party suppliers for various services, which can introduce additional cyber security risks. Over the past couple of years, there has been a surge in supply-chain attacks with businesses falling victim to data breaches as a result of compromised third-party suppliers.


Cyber criminals are seeing the value in targeting the supply chain, as they essentially get more out of their efforts – by targeting just one business, they can get access to a multitude of data and devices. Of course, outsourcing services is an important part of running a successful care business, so it’s key that you have the right systems in place and implement policies to validate your suppliers’ defences.


Outdated technologies


Outdated technologies and legacy systems is an ongoing battle within the care sector. Legacy systems are a risk to healthcare organisations due to the outdated software and lack of updates/bug fixes. These leave vulnerabilities open to be exploited by cyber criminals, potentially compromising sensitive patient data.

 

The benefits of cyber security


Cyber security defences not only help support your care organisation with reducing risk and remaining compliant, but it can also help strengthen your stakeholder relationships and provide growth opportunities. Implementing a cyber security strategy can help your business:-


  • Boost overall reputation by demonstrating that you take the protection of your vital devices and data seriously.
  • Improve your resilience to the ever-evolving threat landscape by remaining a step ahead of attack tactics and legislation updates.
  • Upskill your workforce and create a healthy cyber security culture amongst your people.
  • Provide you with deeper visibility of your digital environment, allowing you to identify areas for improvement.
  • Open new revenue streams including tendering opportunities.


Want to become a cyber-secure business?


Citation can help you do just that. Not only can they support you with your HR, Health & Safety, and Employment Law needs, but they can help you implement the defences your business needs in order to remain protected, resilient, and compliant.


Speak to a member of their team today on 0345 844 1111 or click here to discover how you can get started. Remember to quote ‘WMCA’ when enquiring to access your preferential rates.



Share

Independent commission into adult social care: TOR

2 May 2025
Terms of Reference for the Baroness Casey Social Care Commission Today (2 May 2025), the government published the Terms of Reference for Baroness Casey of Blackstock’s independent commission into adult social care. The Terms of Reference set out that the commission will report directly to the Prime Minister and will be split over 2 phases: Phase 1, reporting in 2026, will focus on how we can make the most of existing resources to improve people’s lives over the medium term. Phase 2, reporting by 2028, will then consider the long-term transformation of adult social care, setting us on the road to fundamental reform that will build a social care system fit for the future.  An easy read version of the terms of reference will be available soon. Terms of Reference: https://www.gov.uk/government/publications/independent-commission-into-adult-social-care-terms-of-reference

Care Roadshow Midlands

1 May 2025
Care Sector Events 2025 - Care Roadshow Midlands Attention West Midlands Care Association members! Registration is now open for Care Roadshow Midlands , set to take place at Villa Park Stadium on 15th May 2025 . This is your exclusive invitation to join the vibrant care community! Get your FREE ticket here. Care Roadshows return this May set to support care professionals across the Midlands. As part of the trusted Care Roadshows series, these free events offer essential insights, expert guidance and valuable networking opportunities for those working across the care sector. Since 2011, Care Roadshows have helped care home owners, domiciliary providers, managers and healthcare teams stay informed, connected and inspired. The 2025 events continue this mission - bringing together leading speakers, innovative suppliers and practical solutions at two iconic venues. If you are looking for care sector events in 2025 that deliver real value for your service, Care Roadshow Midlands is not to be missed.

HMRC Brief 2 (2025): the use of VAT grouping within the care industry

30 April 2025
Revenue and Customs Brief 2 (2025): the use of VAT grouping within the care industry

Citation: Employment Law Changes

30 April 2025
Citation: Employment Law Changes - FREE Employment Rights Bill Guide

Tax update spring 2025: simplification, administration and reform summary

30 April 2025
Tax update spring 2025: simplification, administration and reform summary The government has announced a package of tax and customs administration and simplification measures that will collectively reduce administrative burdens to save taxpayers and traders time, and will increase certainty, allowing businesses to focus on adding value to the economy. The package covers measures to support economic growth by reducing burdens on employers and increasing certainty for businesses. It aims to modernise and reform HMRC systems and processes to simplify the experience for individuals and traders and covers measures to modernise outdated elements of the tax and customs system and tackle the backlog of reform. Read more here.

Dignity in Planning Conversations that Matter - Online Event

30 April 2025
Dignity in Planning Conversations that Matter Online Event - 15th May 2025 - 13.00-15.00

Care Can't Wait Campaign

30 April 2025
Care Can't Wait: New Campaign to change the story on Adult Social Care The Association of Directors of Adult Social Services (ADASS) has today launched a bold new public awareness campaign called Care Can’t Wait to help change the way the public and politicians view adult social care and support. The campaign will feature powerful short films and photography of people across England whose lives have been transformed by high-quality adult social care. These stories show how care enables people to live the lives they want in their homes and communities. Jess McGregor, incoming ADASS President and Executive Director of Adults and Health at Camden Council , launched the campaign at the Association’s annual conference Spring Seminar. She said: “Social care is about people – people living full, meaningful lives, not just surviving. Good care supports people to do the things they love, to stay connected, and to be active members of their communities. “But delays, underfunding, and misunderstanding are holding us back. Care can’t wait – and neither can the people who depend on it.” Changing the narrative With public polling showing low public awareness and understanding of adult social care, this campaign aims to set the record straight by showing it in fact supports millions of adults, including working-age disabled people, people with mental health challenges enabling them to live their lives on their own terms. By platforming people who draw on care and support and supporting them to tell their stories, the campaign challenges outdated perceptions and shows the positive impact high quality social care can have. The campaign launch features a film of Abbie-Jo Laurence, 36, from Wiltshire, who draws on care and support to live and work independently. She shares her personal experiences and hopes for a system that enables everyone to thrive. Over the coming months, more stories will be shared from across the country, showing the diversity of care and the strength of the people who draw on it. “I want people to see that social care isn’t something that happens to other people,” said Abbie-Jo. “It could be you, your partner, your child, or your neighbour. We all deserve to live well – and care makes that possible.” Engaging the public “This campaign is about changing hearts and minds,” said McGregor. “We want to show the human impact of good care – and what’s at risk when it’s not available. These are real stories from real people, and they deserve to be heard.” As part of the campaign, ADASS is calling on members of the public to visit www.adass.org.uk/care-cant-wait and to: Watch and share the films across social media and with family and friends Sign the campaign hand raiser to support the campaign and receive updates on how to get involved. Talk about social care with friends, family and colleagues Champion reform by urging our leaders to improve and invest in adult social care and support. For further information, contact Vicky Smith, Communications and Public Affairs Officer at ADASS - vicky.smith@adass.org.uk or call 020 7072 7430.

WMCA Weekly Newsletter

29 April 2025
Last Chance to Book! Fire Prevention in Your Service Users Home Training Event 29 April 2025
Show More