top of page

I work in social care - what relevance is cyber security?

Updated: Mar 4

Cybercriminals attack organisations across every part of the UK economy with no exceptions. The social care sector, both public and private, is a highly targeted industry as it handles a vast amount of information which is a valuable asset to those with ulterior motives.

The financial and reputational impacts of a successful security breach are unquantifiable, and can be crippling for companies of any size, making any investment into cyber security a valuable one. If organisations are aware of the risks, they are able to be proactive in taking measures to mitigate against them, which is a far easier approach than responding to a successful attack. Nevertheless, good cyber resilience involves having a response plan so that if the worst were to happen, there are steps to follow.

What are the vulnerabilities within the social care sector?

All care providers are using IT to some degree – even if it is just the use of a single computer for sending and receiving emails – and digital care systems/applications are increasingly being used by regulated care providers to run their businesses. Yet, as the reliance on more digital systems increases so does the threat of cybercriminals and without the necessary protection, organisations are left wide open to an attack. This can include stolen data which also might be deleted or corrupted in a way that is not obvious until years later; and medical devices can be hacked, causing direct harm to clients.

Another vulnerability, one of the biggest and most targeted, is the people within an organisation. Many cybercrimes rely on social engineering, tricking somebody into making one decision that allows criminal infiltration. Most commonly this happens through phishing, often by email, where attackers will craft a message prompting the recipient to download an attachment or click a malicious link. This may install malware or take the user to a convincing page to input their personal details.

The impact of these attacks can not only cause significant financial loss, but the emotional effect can be as damaging to those individuals it targets. Watch this video to learn just how destructive they can be.

Whilst some phishing attempts are obvious, criminals can go to great lengths to formulate highly convincing phishes, with names, information and requests that appear genuine at first. While this problem is impossible to eradicate completely, there are basic cyber practices and common phishing features to be made aware of that can transform your workforce into an effective barrier against these cyber threats.

WCRC support

Last autumn, the WCRC launched a cyber training programme, in partnership with the Welsh Government that offers support to the country’s social care sector through free cyber security training – Cyber Ninjas produced by Matobo Learning. The centre’s team has been speaking directly to organisations in the sector, driving awareness of cyber security and encouraging them to sign up to the programme and, the uptake has been incredibly positive with 2100 taking part.

Thanks to this response, the centre has also been running free conferences for social care providers alongside with North Wales Police, Dyfed Powys Police and South Wales Police, to discuss the current threat of cybercrime and what can be done to make it more resilient from being a victim of a crime. Attendees have also had the chance to speak with crime prevention officers regarding building security and reducing crime being committed at the premises of the social care provider.

With one more due to take place on Tuesday 5 at Venue Cymru, Llandudno, there is still time to reserve a space on our events page.




The contents of this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of The Cyber Resilience Centre for Wales is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. The Cyber Resilience Centre for Wales provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us.

The Cyber Resilience Centre for Wales does not accept any responsibility for any loss which may arise from reliance on information or materials published on this document. The Cyber Resilience Centre for Wales is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page