
Embracing technology in care homes - balancing innovation and cybersecurity


In recent years, care homes have increasingly adopted new technologies to enhance their operations. From improving resident care to streamlining administrative tasks, these innovations have significantly connected care homes to the broader digital ecosystem. While this integration brings numerous benefits, it also introduces vulnerabilities to cyber events and threat actors. This article explores the advantages of the adoption of new technologies in care homes and the importance of robust cybersecurity measures to keep them protected.

The value of data in the care sector

As care homes increasingly digitise their residents' records (the government has set a target of at least 80% of people in receipt of care having digital records in place), communications, Internet of Things and decision-making processes, they face a significant range of cybersecurity threats. These threats have the potential to jeopardise resident safety, compromise data integrity, cause reputational damage, and disrupt operations. To protect against these risks, care home operators must take proactive precautions to understand, review, and plan for potential cyber incidents. Effectively managing these risks is crucial to ensuring the safety and continuity of the business.

The cyber threats

External cyber threats are well-documented and frequently highlighted in the news. Among these, ransomware attacks are particularly notorious. In these attacks, malicious software infiltrates systems and encrypts data, and the attackers demand a ransom for its release. A notable example in the social care sector is the 2020 ‘Blackbaud hack’, where hackers encrypted sensitive data and demanded a ransom to restore access. This incident disrupted care and other services, highlighting the vulnerability of social care facilities to such attacks.

Phishing attacks are another leading cause of data breaches in the social care sector. These attacks use deceptive emails or messages to trick users into revealing sensitive information. Phishing emails have become increasingly sophisticated, often indistinguishable from legitimate communications. In 2023, a large social care organisation in the US, BrightSpring Health Services, fell victim to a phishing attack where employees were tricked into providing login credentials, leading to unauthorised access to resident information and financial data.

Cyber threats do not always come from external sources. Internal threats can be equally damaging, and staff members, despite being an organisation’s greatest asset, can pose significant risks. Disaffected employees with access to an organisation’s hardware and systems may exploit their positions to cause harm. In Canada, the Perley and Rideau Veterans' Health Centre experienced a severe disruption when a disgruntled employee used their access to disable critical systems, causing operational chaos and compromising resident care.

Complex landscape

In today’s evolving health and care sector, the effective exchange of data between different systems and their stakeholders is crucial. This seamless integration enables residents to transition smoothly between providers, improving user experience and reducing costs. Electronic health and care records have become commonplace in the UK’s health and social care systems and while digitisation brings many benefits, it also introduces a growing problem: fragmentation. Providers often use multiple separate electronic record systems, which typically do not communicate well with each other.

The use of multiple systems in the UK health and care sector poses significant cybersecurity risks. Each system will contain vulnerabilities, and a single point of failure in one system can provide an entry point for malicious actors. Once inside a relevant security perimeter, a third party can easily move from one system to another. IBM stated in their 2023 report ‘Cost of a data breach’ that, without effective scanning and monitoring methods, the average time for a business to identify and contain a data breach was 277 days.

Balancing security and care continuity

Achieving cyber resilience in the social care sector demands planning and investment. Operators must allocate sufficient budget and operational resources for robust security measures, including access controls, firewalls, and intrusion detection systems. However, many businesses in this sector operate with modest cybersecurity budgets, limited IT support, and outdated systems. Funds are often prioritised for operational necessities rather than cybersecurity measures, making care homes vulnerable to cyber threats, with over half of UK health and social care businesses being targeted by cyber-attacks.

Security measures must be tailored to the specific needs and circumstances of each care home, taking into consideration the organisation’s staff and their requirements. Key considerations include:

  • User-friendly access controls: Implementing access controls that do not overly disrupt workflows or hinder the ability to provide timely care. Frequent password prompts and other disruptions can negatively impact staff efficiency and resident care.
  • Balanced approach: Security measures should balance protection with usability, ensuring that they do not create additional burdens for staff.
  • Prompt support: Any spikes in support requests due to security changes must be addressed promptly to maintain smooth operations.

Risk-based prioritisation

Risk assessment also plays a pivotal role in making appropriate security decisions, allowing care providers to proactively manage potential threats. By conducting comprehensive risk assessments, care home operators can identify and prioritise risks, thereby enhancing their resilience and ensuring effective service delivery while limiting regulatory exposure. 

Essential interventions

In today’s care sector, cybersecurity is a critical concern that requires both technological and organisational interventions.

Care homes need robust security frameworks. Multi-factor authentication (MFA) is essential to ensure only authorised personnel can access sensitive systems. Data segregation is also crucial, limiting access so employees can only view information relevant to their roles. The use of network security measures, such as encryption, firewalls, and intrusion detection systems (IDS), will also help care home businesses reduce their cyber-risk. Regular updates and patches for these systems and applications are vital to close security vulnerabilities, as illustrated by the 2017 ‘WannaCry’ ransomware attack on the NHS.

Managing cyber threats

Success in combating cyber threats hinges on the attitude, capabilities, and investment made by care providers. Fostering a culture of cybersecurity awareness among all staff members is essential, and by integrating both technological and organisational measures, care homes can create a robust defence against cyber threats. Utilising free resources, such as risk management services offered by insurers, can further enhance security. These services might include phishing training, tabletop exercises for incident response plans, and continuous monitoring of the external perimeter to identify threats.

At Howden we aim to support care home businesses in their cyber journey by ensuring that they have the knowledge and tools to achieve business resilience, leveraging our strong insurer partnerships to negotiate the most appropriate deals on their behalf. 
