
This is not a drill: cyber attacks are real and devastating

Daniel O’Shaughnessy, Delivery Manager at Better Security, Better Care

In the digital world, we’re never alone. That is great when it comes to getting access to information and support from health and care colleagues quickly. But cyber criminals also lurk in places you might never suspect.

At Better Security, Better Care we’ve seen thousands more care providers come forward for support with their data and cyber security over the last three years. Throughout October – which is National Cyber Security Awareness Month – we are ramping up our call for care providers to check their arrangements and consider the less obvious risks.

Links in the digital supply chain

While it is absolutely critical that you strengthen your own systems, you also need to be aware that you’re part of a much broader digital supply chain.

Any individual or organisation that supplies, accesses or uses the same tech systems as you is part of your supply chain. So that includes: software suppliers; pharmacies, GPs and hospitals who access shared systems; online banking systems; tech devices suppliers; and of course your own staff.

But did you know, that chain also includes staff’s own phones if you allow them to use them for work purposes; wi-fi in public areas such as cafes; and wi-fi in a client’s own home if staff log in to that?

If someone is part of your supply chain, an attack on them can impact on you – and vice versa.

Cyber criminals can bombard systems and find a weakness in the chain – and once they are in, they can bide their time until they spot a high-value opportunity, or flood through the systems looking for the next weakest link.

Typically an attack will result in blocking access to data and demanding a ransom in order to release that data. Last year there was an attack on a major NHS and social care software supplier which resulted in services losing access to crucial business data, including staff rostering systems, for weeks.

Care providers may feel they have no control over such occurrences, but you can definitely reduce the impact.

Our advice is to:

  • Create, test and update your business continuity plan: Ensure it includes the critical digital systems and devices you use and what you would do if you lost access to any of them.
  • Keep regular back-ups: Whether it’s on a separate drive, device or on paper – a back-up of data can keep you operational if your digital systems go down.
  • Check contracts – including liability clauses: Is it clear what steps your tech suppliers are taking to minimise risks? Who is liable if you are affected as a result of an attack on the tech supplier?
  • Run cyber incident response exercises: They are a great way to test what might happen in typical scenarios such as: a phoneline or broadband failure; power cut; broken computer; hacking of your own systems; or if your supplier’s systems failed or were attacked.
  • Check your insurance policy: Does it include cyber insurance? If not, is there a business case to invest in it? From a quick review of the top insurance companies in social care, at least two-thirds of them offer cyber insurance.
  • Strengthen your own systems: Use the official Data Security and Protection Toolkit (DSPT) to check and improve your own arrangements.
  • Train your staff to be cyber aware: Watch out for more on this from Better Security, Better Care. And use the Keep I.T. Confidential Toolkit for social care.

We strongly encourage care providers to take advantage of the benefits of technology – and plan for the risks.
