When they get older logo

Why it’s important to choose a care home that values online security

Collaborative Post

Cyber threats are something we associate with retail firms and global brands. But what many don’t realise is that it’s a risk to all industries, including care homes. In recent years, healthcare records have been compromised (with NHS client data accessed), and this worrying trend is expected to increase with the growing level of interconnectivity between devices and digital software.

When it comes to cyber attacks, hackers pose a huge risk to care home residents, from compromising a patient’s health and safety by accessing personal data to breaching wearable devices. With this in mind, relatives choosing a care facility for a loved one need to choose a home that values online security.

Why Are Care Homes a Target?

There are several reasons why hackers and cyber criminals may want to target a care home.

Firstly, care homes hold huge quantities of sensitive data on not only residents but also their relatives, from financial information to health data and contact details. For this reason alone, millions have been the victim of cyber attacks in the last few years, since care homes are regularly transferring data to and from GPs, pharmacies and hospitals.

In accessing personal devices and health data, residents and their assets are put at extreme risk, and for a cyber criminal, this is highly valuable data which can be sold off for a profit or used as a bargaining tool for ransomware.

Care homes often either don’t have the budget, or put money towards other aspects of the business, meaning that the level of security they have in place isn’t strong enough to prevent an attack. For a criminal, this makes them an easy target.

Similarly, outdated technology and software that hasn’t been updated makes care homes easily accessible for hackers. Care homes may also find their residents a target, as they may not be as tech-literate, which means that human error could be a risk.

Confidential Data and Threats Care Homes Face

Care homes are vulnerable to several cyber threats, from external threats and internal threats. External threats (which are varied) can have dire consequences on the business but also impact individual residents, from a lack of appropriate security measures. Inside threats, meanwhile, may be deliberate criminal acts from a mishandling of data, or negligence and human error which compromises data. But with the help of good identify theft protection software, care homes can be cautious of sector-specific threats and protect themselves and their residents from potential harm.

Much of the data and confidential information that care homes handle is considered a target by cyber criminals because it’s ‘static information’. This means it’s largely unchanged information, such as National Insurance numbers, which can be used for identity theft or fraudulent acts. Care providers also share data with other health professionals which increases the threat landscape and could be used by hackers to gain access to larger organisations. This leaves them vulnerable to cybercriminals manipulating data or holding it to ransom. Naturally, it also means that both the care home and its residents will be at risk of losing their data.

Wearable and ambient devices are more common than ever, allowing carers to monitor the health and wellbeing of their residents more consistently. But if these devices are linked to a server, it opens up opportunities for a cybercriminal to hijack those devices and disrupt their function, putting residents at risk.

It’s essential that any healthcare organisation, including care home facilities, understands the diverse nature of cyber threats and the impact that they can have on the organisation and residents’ wellbeing. Without this understanding, they put themselves and residents at risk. If someone is looking at care home options for their loved one, it’s important to check that the home is taking the right data security precautions.

Unlike other sectors, when a care home suffers a cyberattack, there’s so much more at stake than just reputational damage and financial loss. There’s also business interruption and a risk to the health and safety of individuals living in the home, which is why those looking for a care provider for their relatives need to prioritise cyber security just as much as other factors.

What Measures Should Care Homes Be Taking?

When searching for a care home for a loved one, there are several measures you should check they have in place to protect them and provide the best defence against cyber attacks.


Check that staff have received security training and are kept vigilant about the latest threats. Staff may well be one of the first points of contact a hacker has with the home. They need to know what to look out for to prevent someone gaining access to data, from email phishing attempts to checking file sources before clicking on downloads.

Security technology

The care home in question should also have security technology in place to add an additional layer of protection against any criminal attempts to access resident data. Regular penetration testing will enable the home to spot any vulnerabilities so they can be protected, giving them the best defence against a hacker, while patch updates will mitigate security vulnerabilities in software.

Email protection

Homes need to secure one of the most common attack areas – email – with a strong email security platform, such as VIPRE or Mimecast, that will filter out spam or malicious emails before there’s a chance of someone clicking on them. An endpoint solution will also prevent devices from executing malware files, minimising the risk of ransomware from impacting the home and residents’ data.

Response plan

Another thing to check with a potential care home for your loved one is that they have a suitable incident response plan in place. No matter how well prepared a care home may be, if the worst happens, you need to be sure that your relative’s data will be protected as much as possible. An incident response plan will minimise the damage caused by a breach, so every home taking cybersecurity seriously should have one in place.

It’s essential that care homes encourage independence in their residents, because for many people moving into a care facility, it can feel as though their autonomy is being taken away from them. We want our loved ones to retain their self-esteem, control and dignity, and having the independence to do things for themselves is critical to achieving this.

One of the ways that independence can be instilled in residents is providing them with safe online access, so homes need to have strong measures in place to protect residents and staff from the risks that come with this. Human error and a lack of understanding of the threats that come with digital devices necessitates a stronger cybersecurity system.

Cybersecurity may not be a priority for most people seeking the right care home for a relative, but as we’ve hopefully shown in this article, it’s an important aspect to consider. The gap between cyber threats and healthcare technology is closing all the time, and with care homes such a prominent target for criminals, more needs to be done to protect care facilities from falling victim to a cyber attack.

Photo by Pixabay: https://www.pexels.com/photo/settings-android-tab-270700/




Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x