Data protection and cyber security elearning for care workers
Date: Tuesday 12 December 2023
As care providers, we are all part of a much wider digital information supply chain.
That chain includes your own tech and IT suppliers, as well as the organisations and individuals who connect with your systems in any way. For example, it would include staff who enter data onto your systems, and banks who manage payments to you on behalf of self-funders using your services.
The supply chain also includes the suppliers, managers and users of tech systems that you access but don’t manage directly – for example, electronic medication ordering systems that are managed by pharmacies, or GP-led proxy access systems.
A weakness at any point of the supply chain can ripple out and affect everyone. Cyber criminals are smart like that – they will exploit any open door, and once they are in, it’s difficult to stop them.
Make sure you are not the weak link in the chain. Check and improve your own cyber security arrangements – and check and manage your supply chain.
If you use third-party managed IT services, check your contracts and service level agreements. Ensure that whoever handles your systems and data has security controls in place.
If you are taking part in any digital data sharing projects, you and your partners need to be reassured that you are all following good practice. A key way to demonstrate that you – and your partners – have good arrangements in place is to complete the Data Security and Protection Toolkit (DSPT) to at least Standards Met.
The DSPT requires you to list the IT suppliers you use in your organisation. Good suppliers should let you know your responsibilities and offer options to reduce your risk of cyber threats with updated advice each year. We have a template you can use to list your suppliers. You can then analyse them and assess which ones have access to particularly sensitive or valuable data. Consider what the implications of a cyber attack would be on one of those suppliers and check how that risk is managed.
You can also undertake a basic assessment and achieve a Cyber Essentials certificate. You can ask your suppliers to do the same.
Digital systems are opening up real opportunities for faster access to data. Data which can inform and transform good decisions about someone’s care. We all need to play our part in ensuring that information is safe and checking the cyber security arrangements within your supply chain is a good place to start.
Back to News