Cybersecurity Awareness: Patch Management


It’s National Cybersecurity Awareness Month (NCSAM), which means it’s time to go back to the basics of HIPAA privacy and security. The last post gave tips for managing your passwords. Now you’ll learn why patch management is one of the most important things you can do.

In May of 2017, hackers exposed the data of over 145 million people using Equifax to monitor their credit. According to Wired, hundreds of thousands of credit card and social security numbers were stolen. Why did this happen? Simply put, Equifax failed to patch a vulnerability in their software.

If you handle people’s private records every day, you have probably heard horror stories like this and worry that a similar breach could happen to your organization. However, you’re not a passive player in the security game. You can – and should – take responsibility for keeping your company’s software secure and up-to-date.

What is Patch Management?

Have you ever been told a program will be down for a few hours? Most likely, someone is testing the program for weak areas that need patching. Patching is the process of acquiring, testing, and installing fixes (patches) for software code. Often, Microsoft and other vendors provide patches to keep their software up to date.

In a healthcare company, a system administrator or HIPAA security officer will usually take care of patch management. However, it’s not a one-time fix. System administrators should regularly scan software, check with vendors that help manage electronic data, and patch any loopholes they find.

So, what can you do to encourage security at your company? First, you should find out what patch management plan is currently in place. Discuss any concerns you have with the person in charge of this plan. Furthermore, you can discuss patch management and data security with your team and review these NCSAM security tips from the U.S. Department of Health and Human Services.

To help you and your team create a culture of security compliance, the HIPAAtrek platform sends automatic reminders about login monitoring, password management, and malicious software. Learn more about how HIPAAtrek can help you simplify your HIPAA compliance program.
