After a malware incident in 2014, Anchorage Community Mental Health Services (ACMHS) in Alaska paid a $150,000 fine and adopted a corrective action plan to improve the security of its technology resources. The Department of Health and Human Services Office for Civil Rights (OCR) said the security incident was the direct result of ACMHS failing to identify and address basic risks, such as not regularly updating its IT resources with available patches and running outdated, unsupported software.

ACMHS is far from alone.

Read More…