September 12, 2024

The top 5 cyber threats facing care organisations


In an age where care meets technology, safeguarding sensitive data and securing vital systems has never been more important. The ongoing digitalisation of the adult social care sector is helping to streamline operations and improve service user care, but it’s also presenting opportunities for cyber attacks and data breaches.


For over a decade, the care sector has consistently had the highest global cost of a data breach, totalling $10.93 million in 2023 (IBM Security), and there is no sign of this slowing down. As a result, there are increasing expectations for care providers to demonstrate they have appropriate defences in place to protect their service users, data, and operational continuity.


In this blog, the experts over at Citation dive into the threat landscape and current risks facing care organisations, providing you with practical defence steps for boosting cyber resilience.


You can also chat with staff from Citation at our upcoming Autumn Conference: Cyber Summit on 3rd October.


**************************************************


Understanding the threat landscape for care businesses


The wealth of sensitive information they hold, and the potential impact of a data breach, make care organisations prime targets for cyber criminals. The NCSC’s ‘Cyber Security Strategy for Health and Social Care’ reports that phishing, malware, and ransomware are the biggest threats facing care businesses, along with outdated technologies, data misuse, supply-chain attacks, and lack of cyber awareness.


Cyber crime is on the rise, particularly within the care sector. In fact, there were 2.39 million instances of cyber crime in 2023 and reports reveal that 52% of health and social care businesses were hit by cyber attacks. An incident could lead to the loss of sensitive data, company downtime, non-compliance fines, and reputational damage. It’s never been more crucial to implement robust defences to protect your business.


Common cyber risks in the care sector


Phishing


The most common cyber attack vector, phishing is a social engineering tactic used to deceive individuals into providing sensitive information or access to a device/account. Phishing is typically conducted via electronic communications (e.g., email, SMS, phone calls, and social media messages) and is designed to provoke a sense of fear and urgency in the recipient, causing them to act quickly without questioning its nature or legitimacy.


Training your workforce to identify and handle phishing communications correctly can significantly reduce your risk of a breach. Improve employee vigilance with up-to-date e-Learning and phishing simulations, and couple this with firewalls, email filtering, and strict configurations.


Ransomware


Ransomware is a type of malicious software that prevents the use of a system, either by locking the system’s screen or by locking the user’s files, unless a ransom is paid. There are various ways cyber criminals could infiltrate your business, some of the most common being:


  • Embedding malicious links and attachments into emails.
  • A user visiting a compromised website, also known as a drive-by download.
  • Infected portable hardware, including USB sticks.
  • Open RDP ports.


To reduce the risk of ransomware, and to minimise the fallout in the event of a successful attack, regularly back up your data and store the backups on a server that isn’t attached to the same network. Equip your people with the knowledge and skills to recognise and respond to potential threats, and create a robust incident response plan that maintains operational continuity.


Insider threats


Insider threats involve malicious or negligent actions of employees, contractors, or other trusted individuals within your organisation. These threats can include intentional data theft, accidental data breaches, or sabotage.


A lack of awareness of cyber security best practices can leave your workforce easily manipulated by attack attempts, or even lead them to cause a data breach. As a care organisation, you’ll store extremely sensitive information, and your team needs to understand their roles and responsibilities in handling it correctly and ensuring it remains protected in line with the GDPR. Implement policies and procedures for data handling and protection, ensure your users only have access to the information and applications they need to perform their job (the Principle of Least Privilege), and introduce regular employee training with the latest guidance and best practices.


Supply-chain attacks


Care organisations rely on third-party suppliers for various services, which can introduce additional cyber security risks. Over the past couple of years, there has been a surge in supply-chain attacks with businesses falling victim to data breaches as a result of compromised third-party suppliers.


Cyber criminals are seeing the value in targeting the supply chain, as they essentially get more out of their efforts – by targeting just one business, they can get access to a multitude of data and devices. Of course, outsourcing services is an important part of running a successful care business, so it’s key that you have the right systems in place and implement policies to validate your suppliers’ defences.


Outdated technologies


Outdated technologies and legacy systems are an ongoing battle within the care sector. Legacy systems are a risk to healthcare organisations due to the outdated software and lack of updates/bug fixes. These leave vulnerabilities open to be exploited by cyber criminals, potentially compromising sensitive patient data.

 

The benefits of cyber security


Cyber security defences not only help your care organisation reduce risk and remain compliant, but they can also help strengthen your stakeholder relationships and provide growth opportunities. Implementing a cyber security strategy can help your business:


  • Boost overall reputation by demonstrating that you take the protection of your vital devices and data seriously.
  • Improve your resilience to the ever-evolving threat landscape by remaining a step ahead of attack tactics and legislation updates.
  • Upskill your workforce and create a healthy cyber security culture amongst your people.
  • Provide you with deeper visibility of your digital environment, allowing you to identify areas for improvement.
  • Open new revenue streams including tendering opportunities.


Want to become a cyber-secure business?


Citation can help you do just that. Not only can they support you with your HR, Health & Safety, and Employment Law needs, but they can help you implement the defences your business needs in order to remain protected, resilient, and compliant.


Speak to a member of their team today on 0345 844 1111 or click here to discover how you can get started. Remember to quote ‘WMCA’ when enquiring to access your preferential rates.


