
How adult social care providers can be more cyber secure

  • Writer: Carolyn Hughes
  • Apr 1
  • 3 min read



A Government report has found that adult social care providers need to do more to strengthen their cyber resilience. 


The Department for Health and Social Care published a report called Understanding the state of cyber security in adult social care, which assessed the capabilities of adult social care providers. One third of providers reported having experienced a cyber incident.


The report found that, of those care homes that did report a cyber breach, the average cost of dealing with the incident over three years was £9,528.


It also found that 33% of care home providers reported experiencing a cyber incident or unsuccessful attack in the past three years – most commonly phishing, which accounted for 75% of those – and over half of incidents did not have any damaging impacts. 89% of incidents resulted in actions being taken, such as updating cyber policies and procedures and new training for staff.


The report found that 79% of care providers had used established approaches to identify cyber threats in the previous 12 months, including risk assessments and vulnerability audits. However, 17% of providers did not take any measures and 4% couldn’t identify whether they had or not. 


The most common assessments were cyber security (62%), testing staff awareness and response (41%), and carrying out vulnerability assessments (38%).


The NWCRC works closely with adult social care providers to ensure that they feel confident in becoming cyber resilient and can stay up to date on the fast-moving nature of cyber fraud and cyber attacks. 


DI Dan Giannasi, head of cyber and innovation at the NWCRC, has put together some advice for social care providers to help them keep their organisation safe from cyber breaches and attacks: 


Password security 

Having good password hygiene is one of the most important and easiest ways to keep your organisation safe from cyber breaches. 


Employees need to understand how to create a safe and secure unique password and they should not use the same password for every account log-in. The NCSC recommends using ‘three random words’ which will create a unique and safe password. They also need to understand that passwords should not be shared or written down anywhere to ensure they are kept safe. 


Account and admin management 

Leading on from the above point, management also needs to ensure that only the relevant people have access to certain accounts. If someone leaves or changes job roles, their access may need to be removed, or their access level changed. Account and user management by the management team is just as important as password management from employees. 


Phishing awareness

Phishing is by far the most prevalent type of cyber breach across any organisation, which can lead to much more serious cyber attacks. 


A phishing email, text message or social media message is one in which a fraudster imitates a person or business and encourages the reader to click on a link. Clicking on this fraudulent link could lead to larger malware attacks or even ransomware attacks, where critical data is held for a financial ransom.


Make sure all employees know what phishing looks like and the repercussions of what could happen if they click on a phishing link. 


The NWCRC runs a Security Awareness Training course, so it’s a really good idea to get your employees booked on a training course to help them understand and identify the risks around phishing. 


Keep all software up to date

It’s also essential to keep all software up to date on every desktop computer, laptop, mobile phone and any other devices.


Devices that are not kept up to date can have vulnerabilities that allow cyber hackers to gain entry into the organisation’s networks. It’s important to send regular reminders to employees to make sure they keep their work devices completely up to date.



The NWCRC was set up in 2019 to help organisations across the North West stay safe and secure against cyber hackers and cyber crime. The organisation is backed by the police and also runs fully-funded services, funded by regional police forces and Police & Crime Commissioners.

 

Find out more about the services we offer: https://www.nwcrc.co.uk/all-services

How can we support your business?


Raise your staff's awareness of phishing emails and guard your business against the growing trend of social-engineering threats.

 

Training your employees on what a phishing attack looks like makes them more likely to identify and report scams.


Our training package is designed and delivered by cyber experts, giving you access to the most up-to-date information in an ever-changing cyber landscape.

You can purchase single-place training spots or a cyber security workshop.

Community Members

Our premium membership package is aimed at medium-sized businesses and includes bespoke security awareness training sessions.

 

This allows your business to train several cyber security champions and receive an assessment of your cyber risk.
