Cyber Security Guidance

There are many benefits to embracing digital technology, sharing data digitally  and working securely online in social care. However, as we use technology more, we must keep people’s information safe and secure by taking the right cyber security measures.

What is cyber security?

The name cyber security itself can be off-putting, even a little scary. The words seem to imply it is only for specially qualified, very technical professionals and not for others because it is just too complicated. This is not the case! 

The National Cyber Security Centre puts it well – that cyber security is about “protecting the devices we all use (smartphones, laptops, tablets and computers), and the services we access – both online and at work – from theft or damage”. 

For organisations (including small/medium organisations, large organisations and those from the public sector) good cyber security consists of taking action to reduce the risk of cyber attacks. This means safeguarding the confidentiality and privacy and the availability and integrity of data. This is vital for ensuring the quality and safety of care and support.


Implications for care providers

Security breaches can happen when we use paper records, send faxes and even verbally. However, the consequences of security breaches with digital information are potentially far more severe. This is because substantial amounts of information can be distributed more easily and to a far wider audience.

The impact of a cyber breach or attack can be significant and costly. This can include: 

  • financial losses due to theft from bank accounts, fake requests for payments, including ransonware demands 
  • the time lost through having to fix your website or systems 
  • the potential loss of customers 
  • damage to your reputation 
  • other potential consequences of a hacker getting their hands on your data. 

 For example, one care provider came under a serious attack – employee rosters were deleted affecting care arrangements across several service locations. Passwords to senior managers’ emails and service users’ digital records were changed and the company’s website was removed.

A former staff member told us: “I cannot express the emotional stress this caused. It felt like we were watching a burglary on CCTV without any power to intervene. Email accounts literally disappeared mid-email. It felt like being in a Hollywood film about it. As soon as we made a fix on one area something else went down or became disrupted.”

According to the Department for Digital, Culture, Media & Sport’s Cyber Security Breaches Survey 2024, 50% of businesses and 32% of charities report having cyber security breaches or attacks in the last 12 months. Like previous years, this is higher among medium businesses (70%), large businesses (74%) and small businesses (58%).

Small businesses were less likely to report having a breach or cyber attack than large businesses were, but this data is based on reported breaches and attacks so will be an underestimation.  

Going digital can bring many benefits to a care service and it’s important to make the transition safely. With the increasing use of digital and majority of the sector comprising of small, medium business, it’s important that care services know how to protect their information. 

In October 2020, UK charities reported being victims of fraud or cybercrime 645 times since the start of the Covid-19 pandemic with £3.6 million in total losses. 


How to respond to an attack
 

This is why cyber security is a high priority for business and why all staff must be aware of how to implement protective measures and know what steps to take if a cyber incident takes place. 

Learn more about cyber security here. 

Watch our short video on the impact of cyber attacks on adult social care providers.

Watch our video about the free local support available through the Better Security, Better Care programme: