As a business, you are responsible for ensuring the safety and security of all of your data. HIPAA laws require you to perform risk analysis and implement measures to reduce the risk and vulnerabilities found.
The requirement applies not only to your in-house data, but to every software program and system you use, third-party vendors included.
Installing patches as they surface is an important part of the process. It’s also one people tend to ignore. How many times have you noticed upgrades to the apps you’re using on your phone, only to hit “later” because you’re busy doing something else?
But when it’s your business, you can’t ignore.
A software patch is a small piece of coding that “patches” a security flaw once it’s discovered. It seals the hole, closing an opportunity a hacker may have had to exploit the data. These are weaknesses in the system. The third-party that issued your software, program, or app is working all the time to make the internal coding that much better. When they make a correction, they pass it along to you, creating a stronger connection against potential attacks.
However, it often still requires a little bit of work from you. You have to initiate the process. You have to say “yes” to the upgrade. If you don’t, you’re leaving your data wide open to potential criminal mischief.
Studies show businesses in the healthcare industry aren’t always quick about making these upgrades. One survey showed 28 percent of security pros in healthcare industries do not scan for vulnerabilities. A full 77 percent said their staffs do not have enough workforce to handle vulnerabilities in a timely manner. Only 58 percent said they would increase patching if new laws were passed holding them accountable for data breaches caused by old or outdated systems where patches were available, yet left uninstalled.
When you update a program and install a patch, it can often lead to a system that no longer works as it once did. This is especially true when two or more systems are connected, and the patch stopped or violated that connection. That can lead to downtime and frustration for everyone on the team. That’s why it’s equally important to have a patch management system in place.
Patch management makes sure patches are installed on a timely basis, and are correctly applied to the system to ensure all problems are minimalized. If you are in charge of patch management, you should:
- Evaluate every patch to determine how it will apply to your system.
- Test them in a small, contained area to discover how it impacts the system.
- Approve patches for general downloading throughout the company.
- Schedule or require installation in a timely manner.
- Test and audit the entire system to ensure everything is working as it should.
Yes, this can be an all-consuming process, especially if you have a lot of software in place. But the alternative can be equally as devastating. If a breach occurs, it can destroy the reputation and goodwill you’ve worked hard on all of these years.
For IT Strategy, Cloud Conversion, or Help Desk Services reach out to us at Silver Linings Technology 360-450-4759.
