October 25th 2022
Every organisation and individual within your digital ‘supply chain’ can be affected by a weakness in your cyber security arrangements. And vice versa.
In the last of our series of articles for Cyber Security Awareness Month, Michelle Corrigan, Programme Director of Better Security, Better Care explains why cyber security really isn’t all about you.
As care providers, we are all part of a much wider digital information supply chain.
That chain includes your own tech and IT suppliers, as well as the organisations and individuals who connect with your systems in any way. For example, it would include staff who enter data onto your systems, and banks who manage payments to you on behalf of self-funders using your services.
The supply chain also includes the suppliers, managers and users of tech systems that you access but don’t manage directly – for example, electronic medication ordering systems that are managed by pharmacies, or GP-led proxy access systems.
A weakness at any point of the supply chain can ripple out and affect everyone. Cyber criminals are smart like that – they will exploit any open door, and once they are in, it’s difficult to stop them.
Strengthen the links in your supply chain
Make sure you are not the weak link in the chain. Check and improve your own cyber security arrangements – and check and manage your supply chain.
If you use third-party managed IT services, check your contracts and service level agreements. Ensure that whoever handles your systems and data has security controls in place.
If you are taking part in any digital data sharing projects, you and your partners need to be reassured that you are all following good practice. A key way to demonstrate that you – and your partners – have good arrangements in place is to complete the Data Security and Protection Toolkit (DSPT) to at least Standards Met.
The DSPT requires you to list the IT suppliers you use in your organisation. Good suppliers should let you know your responsibilities and offer options to reduce your risk of cyber threats with updated advice each year. We have a template you can use to list your suppliers. You can then analyse them and assess which ones have access to particularly sensitive or valuable data. Consider what the implications of a cyber attack would be on one of those suppliers and check how that risk is managed.
You can also undertake a basic assessment and achieve a Cyber Essentials certificate. You can ask your suppliers to do the same.
Digital systems are opening up real opportunities for faster access to data. Data which can inform and transform good decisions about someone’s care. We all need to play our part in ensuring that information is safe and checking the cyber security arrangements within your supply chain is a good place to start.
Further information
Support on completing the DSPT from the Better Security, Better Care programme
Cyber security – Digital Social Care guidance
Supply chain cyber security – National Cyber Security Centre
Photo by Miltiadis Fragkidis on Unsplash
View all News