July 8th 2021
“I cannot express the emotional stress the cyber attack caused. It felt like we were watching a burglary on CCTV without any power to intervene.”
Despite having strong IT systems in place, this care service – which wishes to remain anonymous – was vulnerable to a cyber breach because of the actions of an individual.
In 2019, the company experienced a cyber breach which caused significant disruption across the whole organisation’s operations and service delivery.
Employee rosters were deleted, affecting care arrangements across several service locations. Passwords to senior managers’ emails and service users’ digital records were changed, and the company’s website was removed.
An internal investigation suggested that the most likely source of the breach was a former staff member who had recently left. They had changed passwords and administrator permissions but had not disclosed or communicated this prior to their departure.
A care manager at the time explains:
“We had actually invested huge amounts into IT and digital solutions and thought we were safe. We had initial conversations with cyber security professionals who said we had ‘pretty good infrastructure’ – but we had essentially left the front door unlocked meaning a rogue individual could just ‘walk in’ and do what they wanted.
“I cannot express the emotional stress this caused. It felt like we were watching a burglary on CCTV without any power to intervene. Email accounts literally disappeared mid-email. It felt like being in a Hollywood film about it. As soon as we made a fix on one area something else went down or became disrupted.”
The company reported the cyber breach to the police, who directed the issue to the National Fraud Intelligence Bureau and the relevant regulatory services, including the Information Commissioner’s Office.
The company had to reverse the unauthorised amendments, which included contacting their username holders and their domain controller, who refused to engage in conversations with the company or the police. The police were unable to trace the source of the system changes, so no individual could be prosecuted.
Following this incident – which went on for several days before they got full control back – the company reviewed all IT system processes and accounts and enhanced security to mitigate further breaches so far as was practically possible. This included some complex arrangements, as well as some very simple procedures such as changing passwords when someone leaves. No further incidents of breaches to this extent have occurred.
How to reduce the risk of a cyber attack
- Be careful with your email: learn how to spot fake and phishing emails
- Use strong passwords
- Install the latest software updates – they will contain vital security updates
- Install the latest antivirus software
- Protect mobile devices and tablets – and consider personal devices used for work purposes
- Back up your data so you can continue to access it
- Train staff to be cyber aware – don’t underestimate human error
- Check if your insurance policy covers a cyber breach
- Complete the Data Security and Protection Toolkit – an annual self-assessment of your arrangements
- Get free support from the Better Security, Better Care programme
- Consider getting a Cyber Essentials certification
What to do in the event of a cyber attack
- Report the attack to Action Fraud either via their website or by calling 0300 123 2040.
- If you need advice and support you can also report this to the National Cyber Security Centre. They have also produced a list of things to do immediately if your computer is infected.
- If the information affected includes personal information, e.g. details about staff or service users, then you might need to report this breach to the Information Commissioner’s Office.
- If your organisation completes the Data Security and Protection Toolkit, you can report incidents within the Toolkit and it will help you decide if you need to report the cyber attack to the Information Commissioner.
Further information
Digital Social Care’s cyber security guidance
Better Security, Better Care programme
Digital Social Care helpline 0208 133 3430 (Mon-Fri 9-5) or email [email protected]
National Cyber Security Centre’s Small Organisation’s Newsletter