Supporting Safe and Secure Care Providers – For Commissioners

Commissioners have a key role in supporting providers, holding them to account, and ensuring business continuity when things go wrong. This pack gives you the key messages, practical tools, and free resources available to help your local care providers stay secure.

Why Cyber and Digital Safety Matters

80% of Local Authority spend goes to adult social care, yet most care providers operate outside of NHS and council systems. Their digital safety is fundamental to the stability of care delivery, especially when systems are interconnected (e.g. invoicing, finance, care records, digital tools).

A cyber attack on a provider could:

  • Disrupt care delivery
  • Halt invoicing and payments
  • Compromise sensitive data
  • Impact the council’s own systems if data is shared

This is about more than IT: it is about protecting people and maintaining continuity of care.

 

Your Responsibilities as a Commissioner

Under What Good Looks Like (WGLL) for adult social care, success measure 3 is “safe practice”. This means:

  • Ensuring providers have basic digital and cyber hygiene in place
  • Commissioning safely and with due diligence
  • Responding effectively to digital and cyber risks

WGLL calls on commissioners to:

  • Embed digital and data security standards into contracts
  • Check that providers are completing the Data Security and Protection Toolkit (DSPT)
  • Support providers to access free cyber and digital resources (like the Digital Care Hub)

This is defined in WGLL – Success Measure 3: Safe Practice

 

What You Can Do

Ensure digital and cyber standards are in your contracts

Check if providers are meeting the DSPT

  • If they’re not, you can signpost them to support
  • 76% of care providers have already completed the DSPT – make sure your providers are part of this.

Know what support is available for providers

Digital Care Hub offers:

Promote use of support services

Have a plan for cyber incidents

  • Do you know what you’d do if a provider had a ransomware attack?
  • How would you respond if your own systems were attacked, affecting payment or communications?
  • Do your providers know who to contact?