Care England has partnered with the National Cyber Resilience Centre (CRC) Network to deliver three police-led webinars designed to raise awareness of the growing cyber threats facing adult social care providers. These sessions covered:
1) the latest fraud and cybercrime trends
2) the risks created by personal devices, WhatsApp and unmanaged data sharing, and
3) the role of human error and how to build a cyber-aware organisational culture.
The content presented across these events demonstrates that cybercrime is no longer a marginal risk; it is now a mainstream operational threat to care providers of every size. Health and care organisations have experienced rising levels of phishing, fraud, data compromise, and digital misuse, and the CRC’s evidence makes clear that many incidents are preventable through better awareness, stronger processes, and improved digital hygiene.
This article summarises the key messages, guidance, and practical steps discussed across all three webinars. It includes direct links to the full recordings, slide decks and resources highlighted by the police speakers, alongside information on how providers can register free of charge with their local Cyber Resilience Centre for ongoing support, alerts and 1:1 sessions.
Clear call to action:
Care providers are strongly encouraged to watch the recordings, download the tools, and register with the CRC Network for free ongoing support: https://info.nationalcrcgroup.co.uk/get-started-care-sector
This ensures your organisation receives threat updates, training opportunities, and access to police-led cyber professionals at no cost.
**STRENGTHENING CYBER RESILIENCE IN ADULT SOCIAL CARE:
Lessons from Care England’s Three-Part Webinar Series**
The past year has shown a marked rise in cybercrime affecting adult social care. Criminals increasingly target organisations that handle sensitive data, depend on digital systems and operate under pressure, all characteristics that describe the care sector. In response, Care England convened a series of three interconnected webinars with the National Cyber Resilience Centre Network, bringing together policing, national cyber intelligence and practical guidance tailored to frontline care.
This series examined the threat landscape from three angles:
- the scale of cybercrime and fraud
- the vulnerabilities created by personal devices and informal communication tools, and
- the role of human behaviour in both causing and preventing incidents. Together, these webinars create a coherent picture of how care providers can build safer, more resilient services in the face of growing cyber risk.
1. Understanding the Threat: Cybercrime and Fraud in Social Care
Full recording and slides:
The first webinar set out the scale and nature of the cyber threat facing social care. According to the CRC’s analysis, 41% of health or care organisations experienced cybercrime in the last 12 months, with phishing by far the most common entry point. As police speakers noted during the session, criminals do not target organisations because they are large or high-profile, they target them because they are vulnerable.
The presentation emphasised that most incidents begin with everyday digital interactions: an email that looks legitimate, a message urging urgency, a link that appears trustworthy. In many cases, attackers rely on psychological triggers, authority, curiosity, or fear or reward, to manipulate staff into clicking, sharing or opening something they shouldn’t. Importantly, the CRC demonstrated how simple practices such as stronger passwords, multi-factor authentication and early reporting can significantly reduce risk.
The accompanying slide deck and links on the event page include practical reporting routes, such as the national phishing address (report@phishing.gov.uk), tools for checking compromised email accounts, and links to NCSC guidance for care providers.
2. Personal Devices, WhatsApp and Data Sharing: The Hidden Risks
Full recording and slides:
The second webinar explored one of the fastest-growing risks identified across care settings: the use of personal devices for work tasks. Many staff use their own phones to take notes, communicate with colleagues, photograph documentation or share shift information. The CRC’s data showed that a significant proportion of care staff use personal devices because they feel they have no alternative, and many have no secure method of separating their personal and work lives digitally.
This inevitably creates vulnerabilities. Speakers gave examples of sensitive care information synchronising automatically to family cloud accounts, messages intended for colleagues being shared in personal WhatsApp groups, and staff unknowingly transmitting private data over insecure public Wi-Fi. It became clear that the issue is not personal device use itself, but unmanaged personal device use.
The webinar offered pragmatic advice: implement a clear Bring Your Own Device (BYOD) policy, use encrypted applications approved by the organisation, apply mobile device management where possible, reinforce data-sharing guidance, and support staff by explaining the “why”, not just the “what”. The slides and downloads available on the event page provide templates and tools that providers can adapt to their own services.
3. Human Error and Building a Cyber-Aware Culture
Full recording and slides:
The final webinar focused on human factors, and the role of everyday decision-making in preventing or enabling cyber incidents. Police presenters explained that 63% of data breaches in health and social care are linked to human error, often in high-pressure moments or during routine tasks. Fraudsters exploit this, designing their attacks to appear familiar, urgent or harmless.
Throughout the session, the CRC emphasised the importance of fostering a no-blame culture in which staff feel comfortable reporting suspicious activity early, even if they are unsure. Quick reporting allows organisations to isolate incidents and remove threats before harm spreads. The webinar also encouraged embedding cyber awareness into inductions, team discussions and reflective learning, treating it as a fundamental part of safe care, no different in importance to infection control or safeguarding.
Slides for this session provide further tools for identifying phishing, reporting incidents and integrating cyber safety into daily practice.
CALL TO ACTION:
Join the CRC Network and Strengthen Your Cyber Resilience
Care providers are strongly encouraged to watch the recordings, review the slide decks and download the police-recommended tools available on each event page. These webinars demonstrate that with the right awareness, processes and support, even small organisations can make significant improvements to their digital resilience.
Most importantly, every provider should sign up for free membership with their local Cyber Resilience Centre. This ensures access to monthly threat bulletins, police-led training opportunities, technical assessments and 1:1 support.
Register here:
By embedding cyber awareness, strengthening policies and engaging with national intelligence and support, providers can protect residents, staff and services from the rising tide of digital threats, and contribute to a safer, more resilient social care sector.
Comments
Login/Register to leave a comment