A small domiciliary care service in Leicester, B-Hope, were left stunned after a phishing attack breached their email server and gained access to carer’s personal devices. As Sadia Mohammed, Managing Director explains,
“We knew something was wrong when our email server was telling us we had reached our email limit. After further investigation, it became clear that the attackers had also hacked staff’s own personal devices and were unfortunately able to gain access to our banking information which had devastating consequences.”
Luckily, the service were already working their Better Security, Better Care Local Support Organisation, East Midlands Care (Emcare), who were able to provide advice and guidance on what steps they needed to take.
“The support we received from Emcare was what kept us going. They advised us on the various organisations we needed to alert, and pointed towards the Data Security and Protection Toolkit (DSPT) which helped us to decide what we needed to do next.”
B-Hope changed their passwords and updated their software. They also used the DSPT and support from Emcare to review their policies and strengthen their business continuity planning.
“Completing the DSPT has helped us to recover from the attack. We now have additional measures in place to protect our service that includes an updated continuity plan that considers personal devices and frequent password changes.”
Since the attack, B-Hope have policies in place which means that software is updated on a regular basis and passwords on personal devices are changed frequently. As Sadia explains,
“The DSPT is the difference between you putting the right steps in place or not. We now have strict policies that help to protect us against something like this from happening again, and a business continuity plan that includes cyber security. I’m not an IT expert, I’ve never been interested in it, but I’m so glad we completed the DSPT. Everything is moving digital, and it helps you to prepare for that safely.”
The Better Security, Better Care Programme provides free support for Adult Social Care to help providers complete the DSPT. It does this through 28 Local Support Partners situated across England that offer specialised, tailored support to the sector. We spoke to Baz Kanabar, Project Delivery Officer for Emcare, the Local Support Organisation who supported this provider. He said,
“We’re always talking to providers about updating their data and cyber protection policies every year. Training is so important, and staff need to know what policies are in place. Mobile phones in domiciliary care settings are very common, and providers need to know the risks involved and how to assess them.”