CARE HOMES IN HIDDEN WAR!

Statistically, there is more chance of the average care home suffering a cyber-attack than not.

 

  • 60% of small businesses suffer a cyber-attack. (1)
  • The average cost of a cyber-breach for small business is over £65,000. (1)
  • A Care Home has been fined £15,000 as a result of a cyber-attack (2)  

 

Storing client and staff data electronically has made the management of that data much simpler, convenient and cost effective for a Care Home Owner but, as convenient as these systems are, they also provide a gateway for hackers, criminals, staff or even nation states to commit cyber-attacks against your company and steal / usurp that data.

Larger companies usually have significant protection in place, often including dedicated teams to defend their systems from cyber-attacks, but smaller companies generally do not have the resources for such robust protection which can leave them much more vulnerable to a cyber-attack and a much more attractive target for those looking to exploit those vulnerabilities.

 

How exposed are you to a Cyber-Attack?

We find that smaller businesses often do less than they either could or should to protect their business systems from cyber-attacks, generally because they don’t know enough about the problem (the reason we have written this article!) or don’t feel it necessary.

Consider for a moment all the sensitive data your care home stores electronically including:

  • Service User care plans
  • Medical histories
  • Staff records
  • DBS checks
  • Work histories

All of the above are classed as ‘sensitive personal data’ under the Data Protection Act and the loss or exposure of any of this information without the consent of its subject can lead to severe legal issues and heavy fines.

 

So what can the average Care Home do to protect themselves?

It doesn’t need a huge resource to devise a simple robust cyber policy and there are several steps you could take without significant additional cost to your business:

  • Check that you have adequate anti-virus / spam software and that it is kept up to date
  • Make sure that passwords are changed frequently and also every time an employee leaves the business
  • Avoid using general or shared log in details
  • Restrict access to any non-business related web sites (such as social media sites)
  • Ensure that any data that needs to be taken off site is encrypted
  • Adopt a father, son, grandson approach to data backup.

It may also be worth acquiring the services of an IT consultant to ensure you have adequate protection against a cyber-attack. As adept as we can be with computers, hackers often dedicate their lives to finding weaknesses in online security systems and could be aware of vulnerabilities which are not always obvious to non-professionals. However, regardless of how extensive your cyber protection is there are no guarantees that you won’t still become victim to a cyber-attack.

 

Have you considered Cyber Insurance?

Just as you would insure against the financial loss of a claim for fire, theft or liability, it is also possible to insure your business against a cyber-attack and its associated financial losses. A Cyber Insurance policy would typically cover:

  • Loss of profits due to a network security failure / attack, human error or programming error
  • Data loss and restoration costs including decontamination (removal of corrupted files or data) and recovery of lost data
  • Incident response and investigation costs
  • Crisis communications and reputational mitigation expenses
  • Liability arising from failure to maintain confidentiality of your data or an unauthorised use of your network (including compensation to third parties and fines)
  • Network or data extortion / blackmail
  • Online media liability
  • Regulatory investigation expenses

Obviously this is not an extensive list of the covers available, but these are the most commonly used sections of this type of cover and therefore the most important ones to look out for if you are considering a Cyber Insurance policy. An increasing number of Insurers are also providing advice and support on how to protect yourself before a cyber-attack, and how to act in the event of a cyber-attack.

 

Can you afford not to protect yourself against cyber-attacks?

Cyber Insurance has tumbled in price since it was first introduced as demand has increased and the market now has a clearer idea of the risks so, with clear benefits of having this cover in place, you may be pleasantly surprised by the value of a Cyber Insurance policy. The threat from cyber-attacks is wider and deeper than most imagine and there’s a good chance it will happen to you so don’t wait for the catastrophe – put in some preventative measures to reduce the chances and insurance to reduce the cost of the consequences.

 

If you are unsure of what cover you have against cyber-attacks, or what cover is available to you and your business, contact the Care Team at ALDIUM on 0151 353 3868.

 

(1)   https://www.pwc.co.uk/assets/pdf/cyber-security-2014-exec-summary.pdf

(2)  https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/08/northern-irish-nursing-home-fined-by-information-commissioner-s-office/