How can we combat cyber attacks in the health and social care sector?

Research by Indusface shows that Health and Social Care is the fifth most likely sector to be hit by cyber crime in the UK.
Marie Page
4th March 2024

Health and social care businesses are disproportionately targeted when compared with other businesses. The sector is the fifth most likely to be hit by cyber crime according to Indusface research. Recent incidents, such as the cyber attack on the University of Manchester which led to the data of over one million NHS patients being compromised, further strengthen the case for enhanced security measures.

Such attacks on businesses cause enormous disruption. But, in the case of care businesses, the consequences can be life threatening. A carer being unable to access a service user’s data can lead to missed medication or missed care provision, and can rapidly escalate into a safeguarding situation. Particularly in the case of direct care information, where data privacy and security are so crucial, cyber attacks will likely always remain a risk.

It is essential that we as healthcare and health tech software providers continuously monitor, update, and improve our technology to ensure that a breach does not occur.

What measures must be taken?

There are several measures home care agencies can take to reduce the risk of becoming victims of cyber attacks. Choosing a software solution, like CareLineLive, is a key element in mitigating potential cyber attacks, particularly if the provider is hosting your data.

There are several security standards providers can adopt to provide reassurance that they are operating in a secure manner.

At CareLineLive, we have a number of data security and privacy standards in place. We are Cyber Essentials Plus compliant. This is a Government-backed scheme used to protect organisations against a range of the most common cyber attacks. The Plus standard means that we have been certified by an external auditor. We adhere to the NHS Data Security and Protection Toolkit (NHS DSPT), a self-assessment programme largely based on the ISO 27001 standard that has special affordances for healthcare.

Digital Social Care recommends NHS DSPT compliance to all CQC-registered care providers, and it is a requirement if you deliver services under an NHS contract. They offer excellent advice and guidance on meeting the standards and becoming conformant.

However, many may dismiss these standards as only being applicable to technology companies. The truth is that cyber security incidents can occur at any step in the process, whether it is a virus spread via email, sensitive information sent to the wrong individual, or someone gaining physical access to your computer.

As general advice, good cyber security practices stem from a defensive way of thinking, posing questions such as: “can this email be trusted?”; “could my password be easily guessed if someone knows me?”; “who else could possibly use my computer?”.

Protecting client data

When it comes to ensuring that customers’ data is secure, CareLineLive has numerous measures in place.

CareLineLive encourages good security practices through the platform itself, such as data encryption both in transit and at rest, multi-factor authentication, and a comprehensive role-based access control system that restricts which data authorised users can view and modify.

We take on the responsibility of securing the platform for our customers, so they do not have to worry about managing their own servers or engaging a third-party IT company to do it for them. We take care of firewalls, intrusion detection, and encryption, as well as protections and mitigations against many other common attack vectors.

Our databases also have point-in-time recovery enabled, which differs from conventional nightly backups: it allows us to restore to any point in time within the backup retention period. Backups must all be replicated to multiple locations and secured by different credentials.

Our service has a failover mechanism: if there is an issue with the underlying server, we can switch to a standby instance that holds a full copy of the data. To help detect emerging threats, we employ proactive vulnerability testing as well as periodic penetration testing.

And lastly, it is crucial to have a plan. At CareLineLive, we have implemented a comprehensive disaster recovery plan which covers backups and restoration. This plan is regularly tested so that, in the event of an issue, we can be confident about what actions to take in order to mitigate the fallout.

These measures we have implemented can minimise the impact of a data breach and ensure a swift recovery without compromising client data.