Respond and recover from a cyber security incident

Respond and recover from a cyber security incident

October 9th 2024

To mark Cyber Security Awareness Month, Better Security, Better Care has published new guidance to help care providers respond to and recover from cyber security incidents.

Small and medium sized care providers may believe they are not at risk of a cyber attack – but that’s just not the case.

Daniel O’Shaughnessy, Head of Programme Delivery for Better Security, Better Care at the Digital Care Hub explains:

“We’ve heard smaller providers say, ‘We’re not of any interest to a cyber criminal – we won’t get attacked.’ But what they don’t realise is that they can still be a victim, even if they are not the primary target. If a software system that they use is breached or attacked – they will be affected. We’ve seen cases where staff rosters and payments are blocked; medication records are unavailable; and sensitive data is leaked and put at risk of identify fraud.

“It is absolutely critical that care providers have a business continuity plan which covers what they will do if digital systems are out of order. It’s always better to plan ahead – but we know it can be difficult to know what to do in the midst of a crisis. So we have published new guidance on responding and recovering from an incident.”

The guidance, which launched today at the Care Show, is aimed primarily at the person with lead responsibility for data security and protection within the organisation. Every organisation should have a lead in place.

It includes the following advice on the immediate response to a cyber incident:

  • Look at your security software (such as antivirus alerts and server logs) to see if you are able to identify the specifics of the attack, and the cause of the incident. If you are unable to do this (but you know which device has been affected) run your antivirus programme to complete a full scan and take notes of the results it gives you. If nothing is found, consider using an alternative antivirus programme.
  • Do not turn off your computer – it should remain on to preserve any evidence. Log-off (not shut-down) the computer and ensure no-one uses it – consider putting a sign-on to warn others. Isolate the affected system or device from the network to prevent further disruptions. Quarantine the computer by removing the network cable or put it in ‘airplane mode’ if connected to Wi-Fi. Secure any memory discs/CDs/DVDs or other media connected to or used in the computer.
  • Check who else has been affected, speak to your software supplier(s) to find out whether they or other care providers they supply are reporting similar incidents.

During the recovery phase, providers should:

  • Follow your business continuity plan. Ensure you always have access to a ‘grab-bag’ of key documents necessary to respond to an incident. Work with your IT suppliers and IT support to identify the nature and scale of the issues. If you manage your own IT, put your business continuity plan into action. Depending on the type of incident you are responding to, this may involve: replacing infected hardware; restoring data through backups; or remotely wiping data on a lost or stolen phone or tablet.
  • Recover hacked accounts. Check suppliers’ websites for details on how to recover hacked online email, social media or bank accounts. Check your own email account to see if forwarding rules have been set up by hackers. Change passwords. Log all devices and apps out of your account. Set up multi-factor authentication, and update software.
  • Check cyber security consultants’ credentials. If you’re going to use a consultant, make sure they are reputable and meet your needs. View the National Cyber Security Centre assured services.

The guide also includes two downloadable resources:

  • How to spot a cyber attack: A checklist to help care and administrative staff to recognise if a cyber incident is happening, and who to contact within the organisation. Care providers can download, add their data security and protection lead’s details and share the list with staff.
  • Cyber security incidents: A downloadable form to help data security and protection leads to gather vital information as soon as they expect something has gone wrong.

Access the guide and downloadable resources on the Digital Care Hub website www.digitalcarehub.co.uk/cyber-security

Book to attend the Data Security and Protection Toolkit webinar on Data security on 19 November 2024. This session will cover responding to cyber security incidents.

Press contact

Email [email protected]

Tel 07792 636761

View all News

Next Event

View all Events
January

7

January

14

View all Events