In mid-May, Ireland’s National Health Service (HSE) was infiltrated by hackers. The ransomware attack affected many of the Health Safety Executive’s local and national IT systems. The attack wreaked havoc. It shut down the Department of Health’s IT systems, caused appointments to be cancelled, and breached medical data staff records.
The HSE attack serves as a wake-up call for many in the sector, but it shouldn’t be. While there are no statistics relating specifically to the care sector, the National Cyber Security Centre handled 723 incidents within the NHS – all of them “related to Coronavirus”. We also know that the NCSC’s Active Cyber Defence Unit, detected over 120 phishing campaigns, each of them using NHS branding. In contrast, in 2019, there were only 36 phishing incidents of this kind.
In light of these attacks, QCS, the leading provider of content, guidance and standards for the health care sector, is calling on social care providers, who haven’t already done so, to complete the Data Security and Protection toolkit.
With the deadline just 20 days away (June, 30th), Leah Cooke, QCS’s Content Operations Manager, says:
“To safeguard their businesses, from cyber attack, while social care providers should follow the steps outlined in the NCSC’s ‘Small Business Guide’ and the ‘Cyber Security for Small Organisations and Charities’ e-learning guide, the best form of defence is to complete the ‘Data Security and Protection toolkit’.
It is not too late, and having studied the DSPT in great detail, I can vouch for the fact that the DSPT is an excellent resource, which will provide Registered Managers and staff with an all-round holistic knowledge and understanding of the pervasive and numerous cyber threats that they’re likely to encounter. But not only this, it is the best way to build a robust culture of cyber security throughout an organisation – as everyone in a care home – including admin staff, activity teams, chefs, cleaners and third-party contractors – can benefit.”
Leah Cooke reveals the secrets behind a strong culture of cyber security:
“The DSPT is a key building block in inculcating such a culture. But, it is just the first step in raising awareness throughout an organisation. Frontline managers and senior staff still need to lay a vital role in ensuring that knowledge is cascaded down to all staff that work for the care provider. Group awareness sessions can help reinforce the importance of digital hygiene, and on the rare occasions that mistakes are made, the culture shouldn’t be one of blame, but of openness.
With such a culture in place, everyone in the care home should subconsciously be aware of the basic requirements. Tasks such as creating strong passwords, changing them regularly and keeping anti-virus software up-to-date should come naturally. If they do, that’s when you know that a culture of cyber security has been deeply embedded within your organisation.”