Once reserved for high profile targets, cyber attacks now cast a wide net catching unsuspecting individuals and businesses alike. Digital systems are part of our everyday lives and with the increase in use comes an increase in risk.
In the care sector, the adoption of digital systems presents an excellent opportunity to help us provide better, more efficient care. Shared systems allow care services to view elements of a client’s medical history at the click of a button. Digital care planning gives carers more time to care, and remote monitoring systems can empower people to take charge of their own health.
The benefits are huge. But if you don’t get the foundations right, you leave yourself exposed to cyber criminals slipping through the virtual net.
Super smart scams
Cyber criminals are ultra-smart opportunists.
For example, cyber criminals managed to access a system and were actively monitoring emails from a care provider’s finance director. They stayed in the background until they spotted that the director was going on leave. Once they were out of the office, the criminals forged an email to a colleague using the email address and normal tone and style of the director – giving instructions to make payments that they had allegedly ‘forgotten’ to process before going on leave. Hard to spot, and it looked legitimate.
Cyber criminals are super smart when it comes to ransomware attacks. A ransomware attack occurs when a criminal blocks access to data and demands a ransom in order to release it or prevent it being published on the dark web. It’s one of the most insidious attacks out there and can devastate a care provider. But criminals have been known to access a business’s filing system, find their cyber insurance policy and check the maximum level of the company’s insurance – and ask for that amount! Afterall, there’s no value to the criminal in demanding a value that a company can’t afford to pay.
Size doesn’t matter
Size isn’t a deterrent for cyber criminals. Whether you’re big business, or a small local care service, the reality is that anyone can be hit with an attack. As Peter Bullen, from Better Security, Better Care and the Hertfordshire Care Providers Association, emphasises:
“A small business might wonder why they’re targeted when they don’t have substantial income revenue, not realising they’re attractive to cyber criminals who will expect them to have less robust cyber security measures in place.”
At Better Security, Better Care, we help care services with cyber security every day, but criminals will still try their luck with us. As Daniel O’Shaughnessy, Delivery Manager, explains,
“We’ve received phishing emails detailing events we’re actually attending. The more sophisticated ones even use real staff names and job titles. Luckily our staff are trained to spot the telltale signs.”
Staff training is key
There are lots of things you can do as a care service to protect your business from a cyber attack. Better Security, Better Care has free guidance to help you, but a good place to start is with your staff. Keiron Broadbent, CEO of West Midlands Care Association, knows the importance of staff training:
“You can’t assume that your staff are cyber aware, it’s your responsibility to train them and you don’t need to be an expert. There’s freely available resources and support through Better Security, Better Care.”
Peter Bullen urges care services to encourage a no shame culture,
“I’ve known the smartest of CEOs to click on a link, it’s a possibility for all of us. Training your staff and encouraging them to record breaches develops a culture where staff can discuss the issue openly, and management have a good idea of what learning needs to take place.”
Further information
Better Security, Better Care is the free support programme for social care providers on data protection and cyber security. Visit www.digitalcarehub.co.uk/bettersecuritybettercare
Free guidance on cyber security – available on Digital Care Hub (formerly Digital Social Care) www.digitalcarehub.co.uk/cyber-security