Care organisations do vital work by supporting some of the most vulnerable people in the country. Unfortunately, cyber-attackers just don’t care.
In fact, the healthcare sector is disproportionately targeted by cyber-attackers, with over half of healthcare companies in the UK having fallen victim in 2023 alone.1 But why?
For cyber-attackers, care organisations are a gold mine when compared to other types of businesses because of the sensitive and confidential nature of the data they hold on your service users, which can then be sold on the black market for potentially huge sums.
The three most common cyberattacks hitting care homes
Cyber-attackers know that care organisations have limited resources compared to bigger corporations, making it potentially easier for them to penetrate your IT security systems. This unfortunately also means that your company is likely to be more vulnerable to a cyberbreach.
According to the National Cyber Security Centre, the three biggest cyber threats facing care homes are:
Phishing
Phishing is the most common type of cyberattack, and typically involves the cybercriminal tricking an employee into divulging sensitive data that then allows them to penetrate your company’s computer systems.
Malware
Malware is a general term for any malicious software that is designed to incapacitate your IT systems. Malware is usually something you unknowingly implant in your own system, e.g., by clicking a link in a legitimate-looking email.
Ransomware
In a ransomware attack, the hacker uses malware to gain remote control of your IT systems and will only give you access back after a ransom has been paid. Ransomware is a type of malware.2
The consequences of a cyberattack
If your company has never been the target of a cyberattack, you might think that it’s a case of simply fixing what was broken and then moving on – but this is far from the truth.
Cyberattacks have devastating repercussions, financial and beyond, that can be felt by your business for many years to come.
Last year, an undisclosed cyber incident hit a group of care homes in Leicester, causing disruptions to IT processes that meant that some staff members would not be paid. As a result, the managing director was notified by the council that ‘hundreds of thousands of pounds’ in payment could be delayed, saying, “there’s no real end in sight.”
It’s true that there are no clear guidelines on what you should do if your company is targeted by a cyberattack, but care organisations can be fined and prosecuted if it’s found the breach could have been prevented. This was the case in 2024, when software company Advanced, which provided IT services to big healthcare organisations like the NHS, was fined £6.09 million by the Information Commissioner’s Office (ICO). The ICO found that hackers had managed to access the private data of nearly 83,000 people because of Advanced’s negligence.3
But care organisations that suffer a cyberbreach risk losing more than money: they also risk losing their reputation. Service users and their families expect that their loved ones and their private information are in safe hands, and a cyberattack threatens this implicit bond of trust – and in doing so threatens your business.
Find out more
To find out more about cyber risks please contact James Anscombe on 07967 850015 or email him: james.anscombe@towergate.co.uk
Towergate Insurance is a trading name of Advisory Insurance Brokers Limited. Registered in England Company No. 4043759, Registered Office: 2 Minster Court, Mincing Lane, London, EC3R 7PD. Authorised and regulated by the Financial Conduct Authority.