March 4th 2026
Why even small care providers should check their cyber security right now
Recent geopolitical tensions have led to an increase in global cyber activity, and the National Centre for Cyber Security has released an alert warning UK organisations to check and strengthen their cyber security arrangements.
While much of the focus is on governments and large organisations, adult social care providers should not assume they are outside the scope of these threats.
While current geopolitical tensions may involve nation states, many cyber incidents affecting UK organisations are not carried out directly by governments. Periods of international tension often see increased activity from so-called “hacktivist” groups – loosely organised online communities who launch disruptive cyber-attacks in support of political causes. They scan broadly and automatically, hunting for the weakest door – things like known software flaws, misconfigured cloud services, or systems that haven’t been patched. When they find a gap, they exploit it and then escalate into more focused attacks.
Because of this, organisations can be affected even if they are not the intended target. Attackers may also target software suppliers, IT providers, or shared platforms, which can cause wider supply chain disruption for organisations that rely on those services.
For adult social care providers, even a short loss of access to systems, email, or digital care records can have a real impact on staff and the people receiving care.
Simple things to check
You do not need a large IT team to reduce risk. Providers may want to:
- Review your Business Continuity Plan – ensure you know how care services would continue if systems were unavailable
- Speak with your IT provider or Managed Service Provider (MSP) – ask them to confirm systems are patched, protected, and monitored
- Check remote access and email security – ensure multi-factor authentication (MFA) is enabled where possible
- Confirm backups are running and can be restored if needed
- Remind staff to stay alert to unexpected emails, links, or attachments
Many of these protections are reflected in the Data Security and Protection Toolkit (DSPT). Reviewing or completing your DSPT submission can help ensure the basic cyber security and data protection measures expected across health and care are in place.
Taking a few minutes to review these areas can significantly reduce the likelihood of disruption and help protect the continuity of care services.
Related links
NCSC advises UK organisations to take action following conflict in the Middle East
Data Security – Data Protection and Cyber Security
Small Business Guide: Cyber Security | National Cyber Security Centre – NCSC.GOV.UK
View all News