Fully Funded Cyber Support for Care Providers: What’s available and how to access it
With ransomware attacks on UK healthcare surging 30% in 2025 and causing patient deaths in high-profile breaches like Synnovis, the government's fresh £210 million Cyber Action Plan provides care providers with essential funded tools to avert looming disruptions.
Key takeaways
- •Cyber incidents in UK healthcare escalated dramatically in 2025, with 204 nationally significant attacks marking a 129% increase and leading to cancelled procedures and at least one reported fatality.
- •The January 2026 Government Cyber Action Plan invests £210 million to enhance resilience across public sectors, including social care, enforcing mandatory standards and central support amid rising threats from third-party vendors.
- •Care providers, holding vast sensitive data but often lacking robust IT, saw 40% hit by breaches in the past 18 months, facing average costs of £9,528 per incident and potential regulatory fines under the new Cyber Security and Resilience Bill.
Cyber Perils in Care
Cyber threats to UK care providers have intensified sharply. In 2025, ransomware incidents in healthcare rose by 30%, shifting focus to vendors and partners. The Synnovis attack by the Russian group Qilin disrupted London NHS Trusts, delaying blood tests and causing patient harm, including one death. Similarly, the December 2025 breach at DXS International, a NHS tech supplier, exposed internal servers, affecting GP practices for 17 million patients.
This surge stems from care sectors' vulnerabilities. Providers handle sensitive personal and medical data, making them prime targets for phishing and ransomware, which account for 75% of incidents. With limited budgets, many outsource IT, yet responsibility remains theirs. The National Cyber Security Centre notes three main attack types: phishing, malware, and denial-of-service, often exploiting human error or weak systems.
Government response accelerated in early 2026. The Cyber Action Plan, launched January 6, allocates £210 million for a new Government Cyber Unit to impose standards and provide expertise. Phased to 2029, it addresses under-digitisation and skills gaps. Concurrently, the Cyber Security and Resilience Bill, in second reading January 6, expands regulations to IT suppliers for essential services, mandating incident reporting and mitigation plans.
Stakes are concrete. Breaches cost an average £9,528 over three years, but larger ones trigger operational halts, like NHS Scotland's 2025 outages delaying care. Inaction risks fines, data theft impacting 882,000 in past health breaches, and reputational damage. Deadlines loom: compliance phases begin April 2027, with regulators recovering costs via fees.
Non-obvious tensions emerge. Small care homes struggle with compliance costs, potentially straining finances amid rising operational pressures. Third-party risks amplify threats, as seen in retail campaigns like Scattered Spider's 2025 hits on Marks & Spencer. The rise of AI-driven attacks in 2026 adds unpredictability, transforming threats at machine speed. Balancing security with care delivery creates trade-offs, where over-caution might slow urgent medical access.
Sources
- https://industrialcyber.co/reports/healthcare-ransomware-attacks-surge-30-in-2025-as-cybercriminals-shift-focus-to-vendors-and-service-partners
- https://www.linkedin.com/pulse/healthcare-cyber-brief-december-2025-uk-edition-cylera-rgknc
- https://www.cm-alliance.com/cybersecurity-blog/dec-2025-biggest-cyber-attacks-ransomware-attacks-and-data-breaches
- https://www.quostar.com/blog/latest-uk-cyber-attacks-2025-classification-by-common-types
- https://www.gov.uk/government/publications/government-cyber-action-plan/government-cyber-action-plan
- https://www.techuk.org/resource/government-sets-out-refreshed-plans-to-strengthen-public-sector-cyber-security.html
- https://www.ncsc.gov.uk/blog-post/government-cyber-action-plan-strengthening-resilience-across-uk
- https://www.tlt.com/insights-and-events/insight/the-cyber-security-and-resilience-bill-understanding-the-uks-legislative-response-to-digital-threats
- https://htn.co.uk/2026/01/08/government-launches-cyber-action-plan-and-210-million-investment
- https://www.careengland.org.uk/cybercrime-doesnt-stop-at-the-care-sector
- https://www.emcrc.co.uk/post/why-cyber-security-matters-more-than-ever-in-the-care-sector
- https://www.caremanagementmatters.co.uk/feature/data-security-and-compliance-issues-in-care
- https://www.hcpa.info/news/increased-cyber-threat-for-uk-adult-social-care-providers
- https://www.homecareassociation.org.uk/resource/new-report-on-cyber-security.html
You might also like
- Feb 25Avoiding the ripple effect of a personal data breach
- Mar 5Not Ready for a Pen Test? Attackers Don't Care
- Mar 12Personal cyber security awareness webinar
- Mar 18Learning from Others’ Mistakes: Real Cyber-Breach Insights for NZ Businesses
- Mar 23Preparing for a Cyber Incident: Tools and Tips for the Care Sector