CASPA Strengthens Cyber Resilience Across the Care Software Sector with New Member Guidance

The Care Software Providers Association (CASPA) has published a new suite of cyber security guidance for care technology suppliers, reinforcing the sector’s commitment to maintaining safety, trust and resilience as digital adoption in adult social care continues to accelerate.

While social care is often characterised as being at an early stage of digital maturity, the care software market itself is highly developed, with specialist suppliers delivering complex platforms that support care delivery, clinical safety, workforce management and data sharing at scale. As these platforms become more interconnected – in line with the NHS 10-Year Plan’s shift from analogue to digital – maintaining high standards of cyber security is increasingly central to sustaining trust in digital care.

Developed by CASPA’s Cyber Security Working Group, the guidance focuses on three priority risk areas for care software suppliers:

• secure software development lifecycle (SDLC) practices,
• effective management of third-party software dependencies, and
• protection against supply chain attacks.

Together, these areas address some of the most common causes of cyber incidents affecting health and care technology, with practical steps designed to strengthen resilience without slowing innovation.

Martin Lowthian, Chair of the CASPA Cyber Security Working Group, said:
“Care software is already sophisticated and deeply embedded in day-to-day care delivery. Our members care enormously about the sector they serve and understand that trust is hard won and easily lost. This guidance is about protecting that trust – ensuring digital systems remain safe, reliable and worthy of the confidence placed in them by providers, regulators and the people who rely on care services.”

The guidance also supports CASPA’s work with the NHS on the Social Care Interoperability Platform (SCIP), the national programme to enable safe, consistent data sharing between social care systems and the wider health and care ecosystem. Strong cyber security and supply chain assurance are essential foundations for interoperability, ensuring that increased connectivity enhances outcomes without introducing new risks.

“Over the next few years care software will increasingly be linking up with other systems both within social care and with health. It is therefore crucial that systems are built on solid foundations of safety and security. Effective cyber security will be a prerequisite for linking  systems together and I would expect cyber standards to only be enhanced over time.” – Peter Skinner, Programme Director for Digitising Social Care, NHS England.

“Digital Care Hub welcomes this clear guidance for tech suppliers. We know that cyber security needs a multi-pronged approach, so it is great to see CASPA’s guidance reflecting many of the key issues that care providers raise with us – especially supply chain attacks. We know that attacks on software that is embedded within tech systems can go unnoticed, until it impacts on everyone involved – including care providers and the people they support. Like CASPA, we strongly recommend that suppliers and care providers develop clear service level agreements around supply chain issues, and a business continuity plan covering who will do what if things go wrong.” – Michelle Corrigan, Chief Executive Office, Digital Care Hub.