System Patch Management Role in HIPAA Security

By this time you should have a basic understanding of cybersecurity, cyber attacks, cyber tools, and malware. If you need a refresher on these topics, please refer to EPICompiance's Monthly Security Reminders published in March, April, and May 2021 accordingly. If you do not have access or have not signed up yet, proceed to the Free Trial page for a no-obligation, unlimited user access.

System Patch Management HIPAA Security

When it comes to important discussions in HIPAA compliance, just as important as the previously mentioned topics to HIPAA Security, an understanding of "System Patches" is similarly vital.

1. What is at stake

Cyber actors are persistently finding ways to exploit and/or hack into digital devices and online portals. They do this by looking for vulnerabilities in online portals and our devices' operating systems (OS) and software. Cybercriminals use these vulnerabilities to deploy malicious software collectively known as malware.

2. Vulnerability = Susceptibility

In computing, vulnerability means a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source (Computer Security Resource Center, Glossary).1

Simply put, system vulnerabilities are akin to weaknesses. This is not to say creators of online portals and digital devices have been sloppy or careless. It is undeniable that cyber technology is a fast-paced world - everything evolves, systems need continued upgrades, and others succumb to "End-of-life" (EOL).

EOL happens when vendors of software and OS discontinues to support or update them.

3. Patch to fix

Vendors are on high alert for any system vulnerabilities before cyber actors discover them. By discovering vulnerabilities and creating system patches expeditiously they are able to prevent exploitation by cyber actors.

Patches are defined as software and operating system (OS) updates that address security vulnerabilities within a program or product ("Understanding Patches and Software Updates").2

According to the article "Lack of Patch Management Leads to Increase in Cybercrime" by the Cyber Research at Argonne National Laboratory, as much as 59% of system vulnerabilities are due to patch management failures.

4. Lesson to learn

We now know that vulnerabilities need patches. Vendors will periodically deploy system patches. Users (individuals and organizations alike) of these systems, software, and applications must therefore run these updates/upgrades promptly to stay protected.

Lastly, when any of your existing OS, software, or application has been declared as End-of-Life (EOL), "accept it and let go". It is a vulnerability for which you will have no security, aid, and relief.