Cyber criminals don’t care that you’re a care home

With the cost-of-living crisis hitting hard, care homes around the country are fighting to cut costs where they can. As a result, many care home managers are looking to their insurance premiums to save money – and unwittingly jeopardising their bottom line in the process.

Cyberattacks in care homes

In a recent episode of the Care Home Management podcast, Trading Director Carolyn Baker-Mellor and Divisional Claims Manager Mike Glanton of Towergate Insurance discussed the looming threat of cyberattacks in care homes – and the costs homes are incurring as a result.

Many people wrongly assume that cyber-attackers will sidestep care homes because of the moral and ethical implications involved, but this isn’t the case. The truth is that cyber-attackers do target care homes, and in a number of different ways.

The nature of the kind of data that a care home stores means they’re particularly vulnerable to data theft attacks. “In care, you’ll have some very sensitive records, personal records, so for people wanting to buy those records, they’re very valuable,” says Carolyn. It isn’t just residents’ data at risk of being stolen either, but the private information of employees, too.

Mike Glanton explains “…In the event of a data breach, each individual may be entitled to claim for damages which may come with resultant legal fees. Depending on the severity of the breach, and the number of individuals affected, the sums involved can be devastating. Due to the sums involved,  cyber incidents are excluded under most policies, and a specialist policy is required.”

But boosting your cyber defences is no guarantee that an attack won’t happen. In the podcast, Carolyn discusses an incident of fraud that occurred within a highly protected care home whereby it appeared that the director of the home had authorised a number of large cheques, including one for, “the sort of money that could actually put someone out of business.” It was eventually discovered that cyber attackers were behind the bogus cheques, and had cloned the director’s email address to make the cheques appear as though they were from a legitimate source.

Preventing a cyberattack

Fortunately, there are ways to minimise your care home’s chance of experiencing a cyberbreach. The National Cyber Security Centre has a wealth of information and advice.

“There’s so much that you can do and that you should be doing as frontline protection, so you don’t need to rely on your insurance at a later point,” Carolyn advises. Implementing robust firewalls, using multi-factor authentication, backing up your data, and, perhaps most importantly of all, training your staff, are all essential. Plus, being able to demonstrate to your insurer that you took preventative measures could end up reducing the cost of your claim further, if an incident did occur.

What to do in the event of a cyber attack

If your care home falls victim to a cyberattack, the first thing you’ll want to do is minimise the risk of threat actors accessing other areas of your company systems. Consult your internal processes and IT teams who might advise you to remove the affected machines from the network, change your password, etc, depending on the problem at hand.

Once this is done, there a number of potential actions that may need to be taken depending on the severity of the breach. These may include contacting the Information Commissioners Office or making contact with affected data subjects.

One of the benefits of working with a broker is that they understand the end-to-end process, ensuring that you have the right cover in advance of any breach and that you get specialist support in the event the unforeseen happens. Mike Glanton explains “There are two sides to any cyber breach claim: the rectification of the work itself (i.e. finding and eliminating the threat in your systems), and dealing with any resultant legal claims or regulatory requirements. Most policies provide support with both, and your broker claims team are on hand help you get the right support, be it technical or legal, should a breach occur.”

Reaching out to your broker in times of trouble like this is essential in mitigating the home’s reputational fallout in the event of an incident, in turn helping to reduce costs. Mike says, “It could reduce the legal spend because it means that insurers can get that view on liability sooner and manage your exposure accordingly.”

How a broker could save you costs

Reviewing your cyber policy as a way of reducing costs is perfectly understandable – but did you know that going for the cheapest option based on price alone could end up costing you far more in the long-run?

“It’s not like tapping in your vehicle details, saying how long you’ve had it, how much it’s worth, and a premium comes out at the other end,” says Carolyn. Managing cyber risk in a care home is far more complicated, with more moving parts, and – unlike owning a motor vehicle – carries a risk of reputational damage.

Carolyn discusses how the advent of social media as well as the public record of care inspections means that word can spread fast in the event of an incident. Not only would a cyberattack or liability claim lead to reputational damage, but it’s also a warning sign for insurers who could up the cost of your premiums as a result.

That’s where crisis management comes in, an essential service that comes included in your Towergate policy. It’s not just useful when it comes to mitigating reputational damage caused by an incident, says Carolyn, but also because if you need to make a claim, proof that you’re working with a crisis management team will likely reduce costs.

All of this and more is why it’s essential that you don’t choose your care home’s cyber policy solely based on the initial price you see. While in the short term it could save you money, in the long-term, if an incident were to happen, it could cost you – badly.

Find out how Towergate can assist your care home

Please email caredivision@towergate.co.uk to speak to one of our friendly expert advisers.

About the author

Marc Rocker, Head of Cyber has been with Towergate for over 15 years advising commercial clients of all sizes on their business insurance needs.

As Head of Cyber Insurance, Marc has responsibility for ensuring that the advice and products that Towergate provides meet clients’ needs. Marc is a member of the British Insurance Brokers’ Association (BIBA) cyber technical committee.

 

 

 

Consistent with our policy when giving comment and advice on a non-specific basis, we cannot assume legal responsibility for the accuracy of any particular statement. In the case of specific problems we recommend that professional advice be sought.