Cyber security in social care: a shared journey
Ethan is Policy Manager for cyber security in adult social care. He has been working on adult social care policy in the Department for Health and Social Care for several years, including time in Winter Planning and on early stages of the Covid Inquiry.
Adult social care providers have a duty to ensure that people receiving care, their friends and families, as well as those working in care settings, can be confident that their information is kept safe and secure. With multiple pressures on providers this might be easily forgotten, but maintaining good cyber hygiene helps protect everyone in the sector.
Health and Care Cyber Strategy
In March 2023, we published the Cyber Strategy for Health and Social Care. This outlines our vision of a cyber-secure health and social care sector in 2030 across five different pillars:
- focus on the greatest risks and harms
- defend as one
- people and culture
- build secure for the future
- exemplary response and recovery
These five pillars will support every organisation across health and social care to meet the vision of a cyber-resilient future.
Just as the Data Security and Protection Toolkit (DSPT) has been tailored to be relevant to the adult social care sector, we're also working to co-design the approach as it relates to adult social care. Ensuring it's proportionate to the potential threats and harms the sector faces.
Thanks to the great efforts of the Better Security, Better Care programme considerable progress has been made in embedding an understanding of cyber-security practices within the adult social care sector.
When the programme began in April 2021, only 14% of CQC-registered care providers were compliant with the DSPT. Fast forward to today and we now have 66% compliance with the toolkit, that's 17,500 providers.
This is a huge achievement, with credit due to the many Local Support Organisations who work on the programme. This hard work was recognised recently at the National Cyber Awards and the team will continue to raise awareness and compliance, helping to ensure a secure future.
Looking to the Future
The Better Security, Better Care programme continues to work on improving DSPT compliance across adult social care, targeting hard-to-reach parts of the sector to bolster compliance. This includes specific DSPT improvement targets on homecare and new entrants to the sector.
By 2025 we will publish a comprehensive and data-led landscape review on the status of cyber security within adult social care. This will provide an outline of what best practice looks like within the sector and how we as a national team can help plug any gaps there may be. This will also look at cyber incidents the sector has experienced in the past year, and how we are continuously learning to improve our response and support.
We know that meeting the DSPT requirement for training staff can often prove difficult. With this in mind, the Better Security Better Care programme is working to produce a suite of e-learning tools for the sector, that will be available via our newly launched Digital Care Hub later this year. This will ensure that cyber knowledge is easily accessible to all those working in adult social care, and will help care providers to satisfy training requirements as part of the DSPT.
October marked Cyber Security Awareness Month, however the importance of protecting information should know no calendar boundaries. It’s crucial that we continue to focus on fostering a strong culture of cyber across the sector, as it is everyone’s responsibility to ensure the safety and security of those working in and receiving care.