As more of our work in social care moves online, it’s never been more important to stay sharp when it comes to cybersecurity.
October is Cyber Awareness Month, and it’s a great time to refresh our knowledge and make sure we’re doing everything we can to stay safe.
Cybersecurity isn’t just something for the IT team to worry about. It’s something we all play a part in, whether we’re responding to emails, accessing care records or using digital tools to support the people we care for.
So, what is Cyber Awareness Month?
It’s a global initiative that encourages everyone to learn more about staying safe online. For us in social care, that means being extra mindful of how we handle sensitive information and making sure we’re not leaving any digital doors open to cyber threats.
Why it matters
Cyber attacks are not just a distant threat. They’re happening right here in the UK, and they’re having a real impact on care providers and the people they support. Three examples of cyber attacks in the sector:
- Caremark cyber incident (2023): A third-party rostering provider was hit by a cyber attack, disrupting care delivery for thousands of providers. The incident halted around £8 million per month in turnover and caused major operational disruption.
- NRS Healthcare ransomware attack (2024): This attack affected multiple councils and compromised personal data, leading to service delays and increased risk of fraud. This impact eventually led to NRS collapsing and going into liquidation.
- HCRG Care Group breach (2025): Over 2 terabytes of sensitive data were reportedly stolen, including medical records and staff IDs, raising serious concerns about data protection and trust.
What can you do?
Here are a few simple steps you can take this month:
- Complete the Cyber Security Awareness eLearning, which is a short, practical course that covers:
  - Keeping your workplace secure
  - Creating strong passwords
  - Spotting and reporting suspicious activity
  - Everyday tips to stay safe online
- Be alert
- Speak up if something feels off. Whether it’s a dodgy email or a strange system message, don’t ignore it. Report it. It’s better to be safe than sorry.
Tangible actions for care providers
Here are some practical steps you can take to improve your cyber resilience:
- Review and update your data protection policies, ensuring that policies reflect current threats and best practices. Include clear guidance on password management, device use and data sharing.
- Conduct regular phishing simulations to test your team’s ability to spot suspicious emails. Use the results to tailor training and raise awareness.
- Implement multi-factor authentication (MFA) for all systems that handle sensitive data. It’s one of the simplest and most effective ways to prevent unauthorised access.
- Keep software and systems up to date, including apps, devices and platforms. Outdated software is a common entry point for attackers.
- Back up data securely and regularly, either offline or in a secure cloud environment. Test your recovery process so you know it works when it matters most.
- Limit access based on roles. Remember, not everyone needs access to everything. Use role-based access controls to reduce risk and improve accountability.
- Identify someone in your team to lead on cybersecurity awareness, coordinate training and act as a point of contact for concerns.
- Make sure your IT support team or provider is proactive about security. Ask about their incident response plans and how they monitor for threats.
Cybersecurity is about more than just protecting data. It’s about protecting people. Let’s work together to create a safer digital space for everyone in social care.
Digital Care Hub provides advice and support to the adult social care sector on technology, data protection and cyber security. Find out more here
You can catch up on how to complete the DSPT Toolkit here