What the dark web really means for care providers, and what to do about it 

February 9th 2026

Webinar catch up: What the dark web really means for care providers, and what to do about it  

Cyber security can feel abstract until it suddenly isn’t. This webinar, delivered by the Cyber Centre of Excellence (CCOE) and Digital Care Hub, cut through the myths around the dark web and focused on what actually matters for care providers: how everyday data ends up in the wrong hands, how it is then used against organisations, and what practical steps reduce risk. 

Rather than treating cyber crime as a purely technical problem, the session reframed it as an operational and cultural one. The biggest risks are not always sophisticated hacks. They are small, ordinary actions repeated across busy teams. 

The problem: care data is valuable, specific, and easy to reuse 

One of the strongest messages from the session was that care data is uniquely valuable. It is detailed, personal, and often linked to people who cannot easily change their details or protect themselves. Once exposed, it can be reused again and again for phishing, impersonation, and extortion. 

This is why the dark web matters. It is not a separate internet, but a place where stolen information can be traded, analysed, and repurposed. When email addresses, passwords, or documents appear there, they become building blocks for future attacks. Providers may never see the original breach, only the consequences. 

Practical takeaway: assume that some information will leak at some point. Build controls and habits that limit how much damage that causes. 

 

The real threat is social engineering, not “hackers” 

A recurring theme was that attackers rarely need to break in. They often persuade someone to let them in. 

Using information from previous breaches or public sources, criminals can craft emails, messages, and calendar invites that feel familiar and urgent. With generative AI, those messages now look convincing and error-free. 

For care teams under pressure, this is where risk concentrates. One click can open the door to ransomware or account compromise, even if the underlying systems are well configured. 

Practical takeaway: treat unexpected links and attachments as unsafe by default, even if they look legitimate. Build a culture where pausing to check is encouraged, not punished. 

 

Why old advice no longer works on its own 

The session showed why traditional phishing advice is no longer enough. Misspellings and bad grammar are no longer reliable warning signs. Attackers now use AI to mimic tone, branding, and even writing style. 

What still works is layered protection. Technical controls catch what humans miss, and training helps staff recognise patterns like urgency, unexpected requests, or pressure to act quickly. 

Practical takeaway: combine training with technical controls. Neither works well on its own. 

 

The basics still stop most attacks 

Despite the sophistication of the dark web ecosystem, most successful attacks rely on simple weaknesses. The speakers repeatedly returned to the same fundamentals because they are still the most effective defences: 

  • Unique passwords for every system, supported by a password manager 
  • Multi-factor authentication wherever possible 
  • Staff using non-admin accounts for day-to-day work 
  • Keeping all software updated, not just operating systems 
  • Reporting suspicious emails rather than deleting them 
  • Separating shared inboxes from personal accounts for high-risk tasks like recruitment 

These actions reduce the “easy wins” attackers look for and make organisations far less attractive targets. 

Practical takeaway: small improvements across many users are more powerful than one perfect system. 

 

Visibility matters: you can’t fix what you can’t see 

A key lesson from the session was that many organisations do not know what information about them is already exposed. Dark web monitoring and scans help providers understand whether email addresses, passwords, or data are already circulating, and what action to take next. 

This is not about fear. It is about awareness. Knowing what is out there allows providers to reset credentials, tighten controls, and reduce risk before an incident escalates. 

Practical takeaway: if you have never checked what data is exposed, make this a priority. 

 

Cyber resilience is a shared responsibility 

The session closed with an important reframing. Cyber security is not just an IT issue. It is a leadership issue, a workforce issue, and a supplier issue. Care providers rely on multiple systems, partners, and platforms, and each one introduces potential risk. 

The aim is not to eliminate risk completely. It is to make your organisation a harder target and to know what to do when something goes wrong. 

The final webinar in this series will focus on exactly that: resilience, recovery, and incident response. Because in today’s landscape, preparation is just as important as prevention. 

 

Missed the session?

See the recording, slides, and link to the complimentary dark web scan. Providers are encouraged to take advantage of these resources and start with the basics.

 

Photo credit: Wesley Tingey on Unsplash
