How would you handle a cyber attack?

August 21st 2024

Experiencing a cyber attack is every social care provider’s worst nightmare. In the current environment it is paramount that organisations are prepared, so that if a cyber attack were to hit them, continuity of care for their service users can be maintained.

Sam Booth, Director of Performance for Be Caring, recently spoke at a Better Security, Better Care webinar, ‘Cyber Security in Homecare: What do small providers need to know?’. Here he talked through the cyber attack that had affected the business and the lessons learnt.

Sam told the group,

“In March 2023 our rostering system, Care Free, was attacked and we thought it would be over quickly – we thought it was just a blip!”

Luckily, Be Caring had two systems, so they were able to move over to the second system. Sam and the team used PASS for their digital care planning, and because the two were integrated they pulled out what they needed, but they had to work from spreadsheets for just over a month.

Care Free confirmed they had been hit by ransomware!

In the grand scheme of things, Be Caring escaped too much disruption, and when Care Free rebuilt their systems they could re-upload their data and reuse it. But the full process took several more months to get back up to full speed. At one point, Be Caring had to manually verify all their calls, which was no mean feat when they receive roughly 20,000 visits per week. As Sam comments,

“You see cyber attacks in the news, but you never think it is going to happen to you – and it has a massive impact.”

Sam and the team had a business continuity plan, but it wasn’t as up to date as it needed to be, and they felt they didn’t have the technical expertise from within the organisation to ask the right questions.

Sam felt the tools being developed by the Better Security, Better Care programme will help social care providers know what questions to ask.

Sam’s top tips for surviving a cyber attack

  • Take cyber security seriously – add it to your business continuity plan.
  • Implement regular backups from the system, kept separate from your computer.
  • Invest more in local IT infrastructure.
  • Create a Mobile Device Management (MDM) solution.
  • Increase training for staff.
  • Ask your suppliers the right questions, e.g. find out about their accreditations and backup systems.

Be Caring are lucky to have the financial means to invest in support and guidance, but if you don’t and are attacked by ransomware, your organisation could be down for longer than a few months.

Be Caring is still with Care Free, and Care Free have put more steps in place to support their organisations. They did this by:

  • Rolling out further security measures, including multi-factor authentication (MFA). MFA is a multi-step account login process that requires users to enter more information than just a password.
  • Additional backups. Care Free are providing more data backups for their customers than they previously did. Data will be exported to a secure SharePoint folder on a weekly basis so that we will always have an element of contingency and access if necessary. Care Free have increased their backups to every 5 minutes as well.
  • Care Free have invested in a penetration test (pen test), which is an authorised simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system. They are then able to address any weaknesses before they are exploited by potential hackers. The External Audit is similar to pen testing, but looks at a broader set of features.

“Be Caring and the team did amazingly on pulling through the crisis, but they didn’t escape.”

Sam encourages service users to utilise the support and signposting in the webinar as it will be priceless to mitigate and reduce the risk of a cyber attack. You can find a large library of resources, including;
