Care homes around the country are fighting to cut costs where they can. As a result, many care home managers are looking to their insurance premiums to save money – and unwittingly jeopardising their bottom line in the process.

Cyberattacks in Care Homes

Many people wrongly assume that cyber-attackers will sidestep care homes because of the moral and ethical implications involved, but this isn’t the case. The truth is that cyber-attackers do target care homes, and in a number of different ways.

The nature of the kind of data that a care home stores means they’re particularly vulnerable to data theft attacks. 

Carolyn Baker-Mellor, Trading Director at Towergate Insurance, explained, “In care, there are very sensitive personal and valuable records. It isn’t just residents’ data at risk of being stolen either, but the private information of employees, too.”

Divisional Claims Manager Mike Glanton of Towergate Insurance added that, “In the event of a data breach, each individual may be entitled to claim for damages which may come with resultant legal fees. Depending on the severity of the breach, and the number of individuals affected, the sums involved can be devastating. Due to the sums involved,  cyber incidents are excluded under most policies, and a specialist policy is required.”

Preventing a cyberattack

Fortunately, there are ways to minimise your care home’s chance of experiencing a cyberbreach.  “There’s so much that you can do and that you should be doing as frontline protection, so you don’t need to rely on your insurance at a later point,” Carolyn advises. “Implementing robust firewalls, using multi-factor authentication, backing up your data, and, perhaps most importantly of all, training your staff, are all essential. Plus, being able to demonstrate to your insurer that you took preventative measures could end up reducing the cost of your claim further, if an incident did occur.”

What to do in the event of a cyber attack 

If your care home falls victim to a cyberattack, the first thing you’ll want to do is minimise the risk of threat actors accessing other areas of your company systems. Consult your internal processes and IT teams who might advise you to remove the affected machines from the network, change your password, etc, depending on the problem at hand.  

Once this is done, there a number of potential actions that may need to be taken depending on the severity of the breach. These may include contacting the Information Commissioners Office or making contact with affected data subjects.

One of the benefits of working with an insurance broker is that they understand the end-to-end process, ensuring that you have the right cover in advance of any breach and that you get specialist support in the event the unforeseen happens. 

Mike Glanton explains, “There are two sides to any cyber breach claim: the rectification of the work itself (i.e. finding and eliminating the threat in your systems) and dealing with any resultant legal claims or regulatory requirements. Most policies provide support with both, and your broker claims team are on hand to help you get the right support, be it technical or legal, should a breach occur.” 

Reaching out to your broker in times of trouble like this is essential in mitigating the home’s reputational fallout in the event of an incident, in turn helping to reduce costs. Mike, added that, “It could reduce the legal spend because it means that insurers can get that view on liability sooner and manage your exposure accordingly.” 

How a broker could save you costs

Reviewing your cyber policy as a way of reducing costs is perfectly understandable – but going for the cheapest option based on price alone could end up costing you far more in the long-run.

“It’s not like tapping in your vehicle details, saying how long you’ve had it, how much it’s worth, and a premium comes out at the other end,” says Carolyn. “Managing cyber risk in a care home is far more complicated, with more moving parts, and – unlike owning a motor vehicle – carries a risk of reputational damage.”

The rise of social media as well as the public record of care inspections means that word can spread fast in the event of an incident. Not only would a cyberattack or liability claim lead to reputational damage, but it’s also a warning sign for insurers who could up the cost of your premiums as a result.

“All of this and more is why it’s essential that you don’t choose your care home’s cyber policy solely based on the initial price you see,” advises Carolyn.  “While in the short term it could save you money, in the long-term, if an incident were to happen, it could cost your business – badly.”