Assist Care Group – turning a cyber threat into a learning opportunity

May 28th 2025

In early 2025, Assist Care Group, a home care provider based in West Sussex, faced a highly sophisticated cyber fraud attempt that could have disrupted services and compromised sensitive information. Instead, the organisation responded with such speed, transparency, and innovation that it not only safeguarded care delivery but also strengthened sector-wide resilience. This outstanding response earned them the Digital and Cyber Innovation Award at the West Sussex Partners in Care Accolades, supported by the Digital Care Hub.

Responding to a crisis with calm and clarity

When the cyber incident occurred, Assist Care Group activated its Business Resilience Plan immediately. The leadership team involved external forensic experts and worked in real time to investigate the breach attempt. Although no data was compromised, the team treated the situation with the utmost seriousness and used it as a learning opportunity.

Rather than relying solely on technical fixes, Assist Care Group adopted a human-centred approach. A new “Handshake Policy” was introduced to help staff verify external communications before disclosing sensitive information. Credentials were reset, multi-factor authentication was rolled out, and updated settings were applied to strengthen email security.

These weren’t abstract IT measures – they were practical, day-to-day safeguards designed for the fast-paced and high-pressure environment of social care.

Ensuring continuity and protecting people

Despite the scale of the threat, the provider maintained uninterrupted, person-centred care throughout. Two-person authorisation controls had already been embedded in financial systems, and these proved crucial – preventing unauthorised transactions even when login credentials were used.

During a temporary freeze on systems, critical payments were managed manually with the support of banking partners. This agile approach ensured there was no impact on people’s wellbeing, no delays in service, and no loss of trust. Regular risk reviews and transparent communication meant staff and people receiving care stayed fully informed and supported.

Turning risk into learning and leadership

The response went far beyond technical improvements. Assist Care Group saw the event as a learning opportunity and invested in its people. The affected staff member was supported through the Employee Assistance Programme, and no blame was assigned. This created a culture of openness and psychological safety.

Fraud prevention training, based on the real-life event, was embedded into ongoing learning. Staff were given the tools and confidence to spot, challenge, and report potential threats. The organisation’s digital culture matured significantly, with teams now understanding their shared responsibility for cyber safety.

Inclusive design and practical impact

Recognising that not all care staff are digital experts, Assist Care Group created plain-English guidance for frontline teams and families. The Handshake Policy, for example, is simple enough to be used by anyone – empowering both staff and relatives to verify identity and protect personal information.

By creating safe spaces to ask questions and share concerns, the organisation bridged digital confidence gaps. This helped ensure that technology is used inclusively, accessibly, and in ways that support – not burden – care teams.

Sector leadership through transparency and sharing

Rather than keeping their response internal, Assist Care Group shared their experience widely. A redacted version of the incident report and scam call recording was offered as a training resource for other providers. Learnings were shared with West Sussex County Council, Surrey County Council, CQC, Digital Sussex, and the South East Cyber Resilience Centre.

Crucially, the solutions they implemented – such as dual authorisation, password protocols, and the Handshake Policy – are low-cost, scalable, and suitable for providers of all sizes.

A blueprint for ethical, person-centred cyber resilience

Assist Care Group’s response demonstrated not only technical competence but ethical leadership. They self-assessed against ICO guidance, informed regulators even though no breach had occurred, and ensured every step was auditable and transparent.

This case shows what’s possible when cyber safety is not just delegated to IT teams but embedded across an organisation. With inclusion, collaboration, and care at its core, Assist Care Group’s digital response is a model for the sector – proving that resilience can be built even in the most challenging moments.

Further information

Visit our Cyber Security Guidance

Use our Business Continuity Plan template and guidance

Access free support from Better Security, Better Care

 
