2nd Apr 2015
Getting Better Outcomes for Older People using personal budgets
A collated research report from across the sector.
31st Mar 2015
Getting the sums right - How to sustainably finance personal health budgets
A new briefing paper published by the NHS..
10th Sep 2015
National Care Association are delighted to be working with British Gas Heat Networks
National Care Association are delighted to be working with British Gas Heat Networks.
10th Sep 2015
Birmingham Symposium 2015 Slides
Here are the slides for the Birmingham Symposium.
10th Sep 2015
Partnership arrangement with Sky, here are the following benefits to our Members
Sky has developed tailored packages for the care home sector.
16th December 2021
Urgent: Critical Cyber Security Alert
The Department of Health and Social Care (DHSC) is issuing an urgent note setting out the current situation and advice on a critical cyber vulnerability, CVE-2021-44228, also known as Log4Shell or LogJam.
NHSX asks that all adult social care providers, and all those running or providing digital services in the sector consider the information below and act accordingly.
What is happening?
A vulnerability has been found within Apache Foundation Log4j2 (‘Log4j2’) that could enable attackers to access IT systems from where they could deploy cyber attacks such as ransomware. This is a global vulnerability which will be important for many organisations around the world to address.
The vulnerability is almost certain to be in most, if not all organisations in some way. Although NHSX are, as yet, unaware of any incidents in health or care, cyber criminals are scanning for this vulnerability. This means the cyber criminals are conducting reconnaissance, so they are taking a look to see which organisations have the vulnerability and where those vulnerabilities are.
What is Log4j2 and how does the vulnerability work?
Log4j2 is used by software developers as they create applications. It processes logs of activity and is embedded into many systems, including those in use in adult social care. It is highly likely that most, if not all, IT and digital systems used by adult social care providers will be affected.
Why does it matter?
The ultimate concern is that attackers may seek to use the vulnerability in Log4j2 to encrypt or damage your digital systems, such as your digital care plans. Furthermore, after gaining access confidential sensitive or financial data can be stolen and potentially sold on-line. Cyber attackers could also hold you to ransom in what is known as a ‘ransomware attack’.
What should you do about it?
Notify your IT team or the person responsible for IT, and ensure actions are taken.
NHSX suggests the following:
- Check your digital suppliers’ website and follow their advice about mitigating cyber vulnerabilities. In this case, the most important action is to install the latest version as soon as practicable.
- If your software suppliers do not have guidance, you may wish to contact them and ensure they are acting accordingly, and scanning for Log4j2 vulnerabilities in particular.
- Your Local Support Organisation, through DSC’s Better Security, Better Care Programme, will be on-call to help or escalate issues you have. This may be especially helpful if you do not have IT support.
- For technical advice and further details, you may find the following updates and guidance useful: National Cyber Security Centre (NCSC), NHS Digital, Microsoft.
- If there are any indications of a compromise, please report this as soon as possible to the NCSC via https://report.ncsc.gov.uk/.
- Follow Digital Social Care on Twitter for sector-specific and relevant updates.