Cybersecurity Awareness: Patch Management
It’s National Cybersecurity Awareness Month (NCSAM), which means it’s time to go back to the basics of HIPAA privacy and security. The last post gave tips for managing your passwords. Now you’ll learn why patch management is one of the most important things you can do.
In May of 2017, hackers exposed the data of over 145 million people using Equifax to monitor their credit. According to Wired, hundreds of thousands of credit card and social security numbers were stolen. Why did this happen? Simply put, Equifax failed to patch a vulnerability in their software.
If you handle people’s private records every day, you have probably heard horror stories like this and worry that a similar breach could happen to your organization. However, you’re not a passive player in the security game. You can – and should – take responsibility for keeping your company’s software secure and up-to-date.
What is Patching?
Have you ever been told a program will be down for a few hours? Most likely, someone is testing the program for weak areas that need patching. Patching is when you acquire, test, and install fixes (patches) in software code. Oftentimes, Microsoft or others will provide patches to keep their software up-to-date.
In a healthcare company, a system administrator or HIPAA security officer will usually manage patching. However, it’s not a one-time fix. System administrators should regularly scan software, check with vendors that help manage electronic data, and patch any loopholes they find.
So, what can you do to encourage security at your company? First, you should find out what patch management plan is currently in place. Discuss any concerns you have with the person in charge of this plan. Furthermore, you can discuss patching and data security with your team and review these NCSAM security tips from the U.S. Department of Health and Human Services.
To help you and your team create a culture of security compliance, HIPAAtrek, Inc. sends automatic reminders about login monitoring, password management, and malicious software. For more information, contact Sarah Badahman at firstname.lastname@example.org.