Care Archives - Nourish Care

When selecting a new digital care planning platform, information security should be a key consideration for making sure the platform is suitable and secure for your care service. From GDPR requirements for data processing and controlling, data backups and who can access data, to accreditations such as ISO and Cyber Essentials Plus, there are a host of things to consider when using a new platform. We’ve put together this guide to help you make sense of it all and how Nourish goes above and beyond to ensure data in the system is protected to the highest level.

GDPR: the underpinning of data security

The General Data Protection Regulations “GDPR” is embedded as part of everything we do at Nourish and we continually review and improve our processes to ensure best practice and compliance with the regulations. This includes; vetting suppliers for their own data practices, data sharing agreements with integration partners, Data Protection Impact Assessments and improving data security for our customers in every way we can. Nourish’s compliance with GDPR is monitored and audited as part of the below certifications.

ISO 27001:2022 Information Security Management Systems – an internationally recognised standard of data security

In 2019, Nourish became one of the first digital care planning providers to implement and obtain a UKAS accredited ISO 27001 certification. In November 2023, Nourish transitioned to the latest 2022 version of the standard, giving confidence to all our current and potential customers that we have the latest and best processes in place to protect information across our entire organisation.

ISO 27001:2022 provides organisations with a framework and controls to protect their information in a systematic and cost-effective way, through the adoption of an Information Security Management System (ISMS). This accreditation underpins our security at Nourish; with annual external audits, monthly training sessions, regular meetings to discuss ISMS issues and managerial buy-in to the processes, to ensure our continuous improvement of security. The requirements for accreditation are stringent and based on three security principles:

Confidentiality – ensuring that information remains confidential is a key priority in everything we do.
Integrity – the data we hold must be accurate. This is vital in ensuring we can help our customers to provide the best care to those they support in the platform.
Availability – information is only able to help in providing care when available to the customer.

Nourish achieves these three principles by the implementation of the 93 controls across; organisational, people, physical and technical themes that make up the latest standard, ensuring that Nourish has thoroughly considered risks and has treatment plans in place to mitigate them.

Implementing a certified information management system such as ISO 27001:2022 has enabled Nourish to work in the safest and most efficient way.

Cyber Essentials Plus: protection against online threats

As a company providing software, Cyber Security is often a topic for conversation. How do we protect ourselves further, can we make improvements, what is new that we need to protect against?

Nourish has achieved and maintains the Cyber Essentials Plus certification, adding to our Data Security certifications which work alongside our ISO 27001:2022 certified Information Security Management System. This ensures the safety and security of all data at Nourish and helps to prevent being an easy target for hacking or phishing schemes. To find out more about what you can do to protect your care service from phishing emails read our blog here.

Cyber Essentials is a government-backed scheme aimed towards preventing attacks from the outside. Cyber Essentials Plus is the highest level of certification offered under the Cyber Essentials scheme, it includes a thorough exploration of security systems, experts carrying out vulnerability tests on an annual basis.

Gaining the Cyber Essentials Plus certification is a key part of being able to offer our customers, partners and suppliers’ complete confidence in our ability to handle their data and keep it secure.

Data backups: keeping your data safe

Holding data requires storage, Nourish backs up data continuously to a cloud-based system. Nourish does not use onsite data stores and all cloud-provided solutions are backed up automatically and built into our disaster recovery plan and testing.

Continuously improving processes

The accreditations above are just some of the ways Nourish ensures sensitive information and personal records are kept secure and protected and allows us to stay on top of data protection and Information Security.

Nourish continuously improves its data and cyber security to keep ahead of security improvements and recommendations to limit the chance of breaches or attack. Our main aim is to keep all data safe, accurate and available at all times.

To find out more about information security management and our digital care management platform – click here to book a demo

Have you heard of phishing?

Phishing has been in the news and on social media a lot in recent months. Have you received an email from HMRC, PayPal, your bank, delivery companies like UPS, or maybe you’ve received an email claiming ‘you’ve won an iPhone!’? These are common examples of phishing emails aiming to catch you out.

What is a phishing email?

A phishing email is designed and targeted by cybercriminals or ‘hackers’ to create the illusion of a genuine email. They normally claim to be a company that does exist, but the email will not be from the genuine company. For example, they could be trying to look like a delivery company that was ‘unable to deliver your parcel’ or HMRC with ‘fraud that needs to be actioned’. These emails can look very genuine but will have dangerous consequences. Most often these emails will contain a link that when clicked by the user will usually ask for some sort of personal details or can place viruses or software onto your device.

How does this affect the care sector?

Nourish has noticed an increase in attempted phishing emails in the sector over the last 6 months, these emails are targeted and can look very genuine. Some phishing emails have come to us pretending to be from companies such as care providers, NHS, HMRC, Microsoft and many more, some of which have been very good copies. These emails look exactly like a message from an organisation or person you trust. Official sources should never be asking you for any sensitive information via email.

What are the consequences of a phishing email?

Attacks can cause serious problems if not handled correctly or caught early. The hackers can install malware or ransomware, sabotage systems, steal intellectual property or money, steal or lock access to data or personal information.

The costs to recover this can be very large if they ever do return the property or data they have stolen or accessed. They simply may publish the information which could lead to claims or reputation damage.

The cost of productivity to recover or recreate what is stolen or lost may also cost a company significantly.

It can cause loss of customers if trust is broken, and they may no longer trust the organisation to keep their information or customer data safe.

Financial costs of fines or penalties for breach of regulatory requirements would also be a considered factor if there is more that could have been done to prevent the attack.

How will I know if it is a phishing email?

Knowing for sure is impossible however, some key things to look out for to identify a phishing email are:

Bad spelling and grammar
First time sender or an unknown contact
Generic greeting or lack of personalisation
Suspicious links, attachments or broken images
A lack of context as to why a link or attachment is in the email
Urgency or threats to do activities quickly
Email domains that don’t look like official company domains
An email you are not expecting to receive

What should I do if I receive a phishing email?

If you believe an email may be suspicious or phishing, ensure firstly that you do not click on any links or attachments. If you think it might not be genuine but is something you are unsure about, find a phone number for the company on another source and call to validate.

If the email is sent from a person you think you might know, contact them on another method of communication to ensure that they sent the email.

Most email providers allow a reporting option to report any suspicious emails, this allows email systems to improve the detection of phishing emails. Some providers will also spam emails into a separate spam inbox.

Finally, when you suspect or think it is a phishing email delete the email from your inbox to avoid accidentally clicking or opening in the future.

What should I do if I think I have been caught by a phishing email? e.g. clicking a link or opening an attachment in a suspicious email

First, don’t panic! Make a note of everything you can remember happening, especially taking a note of any information you think they may have gathered from you during the phishing attempt.

Change any passwords as soon as you realise you may have been compromised, also changing the password if it is used elsewhere.

Where possible check any access to the account in question to see if any new attempts have been made to access it.

If this attack was on a work or school computer, contact the appropriate person or IT Department as soon as possible in order to start working toward securing all accounts where possible.

If you shared any information including card or bank details contact your local police, bank and card company as soon as possible as they will be able to stop the cards or money being taken if it is still yet to happen.

Top tips to help prevent phishing

As discussed, the consequences can be significant. However, there are ways you can protect your care service:

Where available, set up two-factor authentication or multifactor authentication to make it harder to access your accounts with just a username and password.
Don’t reply to emails or open any links and attachments unless you are sure of the recipient and the intentions behind the email.
Never provide personal data over the phone or through email links, always ensure you are going through known websites such as the bank website if entering any personal information or details.
Delete phishing emails, report the sender and the emails to help protect yourself against these attacks.
Inform colleagues and follow company procedures on passwords and information security
Consider setting up a phishing policy or training for employees

Being vigilant to phishing emails and knowing what to do if you do receive one and even what to do if you become a victim of one is extremely important.

To find out about Nourish’s data security management take a look at our blog.

If you’d like to find out more about our safe and secure digital care management platform – book a free personalised demo.

We’re all taught that oral health is essential to keep our teeth healthy but what does this really mean? Poor oral health can lead to malnutrition, pneumonia and a weakened immune system which can make it harder to recover from common illnesses. Studies are being conducted to see whether dental hygiene has any links to dementia. So how can we encourage better dental hygiene?

Domiciliary Dental Services

Getting people you support to the dentist is no easy feat. Dental practices aren’t always accessible, medical settings can be quite distressing and getting there requires accessible transport and extra staff. Instead of taking the people you support to the dentist, why not bring the dentist to you? Domiciliary dental services provide dental care right at home.

Oral Health Champion

Some local NHS trusts offer training on dental health for a few members of staff, appointing these staff members as Oral Health Champions. These Champions undertake the training and the responsibility of training existing and new staff. Ensuring your service is working to the NICE guidelines and the Oral Health policy could also become part of the Champions’ role.

Activities are a simple and fun way to encourage conversations about good oral health. Brushing your teeth may not seem fun but, depending on the people you supports abilities, it can be! If you have any keen knitters, download knitting patterns for knitting teeth, tooth fairies or tooth fairy pouches for grandchildren, young relatives and friends’ children. Arty people could have a go at crafting teeth and toothbrushes out of leftover cardboard and painting them. If you have any connections to a local school or nursery, invite them over (Covid-19 permitting) for a lesson on mouthcare. You could even have a sensory afternoon of science experiments, making elephant toothpaste, growing plaque with yeast and sugar and, egg brushing.

The Nourish platform allows dental hygiene to be logged, tracked and managed and provides an Oral Health Assessment Tool (OHAT) for new admissions. In Nourish, you are able to plan, manage and evidence dental appointments and visits and use the OHAT for regular reviews on the oral health of those you support. The Alerts and Warnings function can ensure appointments and reviews are not missed. Because dental health can have a significant impact on the general health of the people you support, the ability to monitor means early intervention is possible.