SYSTEM PATCHES

What is a patch but a temporary measure to repair a break? That is true of patches in most situations, yet when dealing with software and systems, patches should be considered a critical component of everyone’s security program.

For example, Nationwide Mutual Insurance Company and its subsidiary, Allied Property & Casualty, learned the importance of patches after negotiating a $5.5 million settlement. In this case, hackers gained access to Nationwide’s systems via a vulnerability in one of Nationwide’s applications and took advantage of it to steal consumers’ personal information. The worst part is that a patch for this vulnerability had been released three years prior to the incident.

As OCR Director Jocelyn Samuels stated, “Successful HIPAA compliance requires a common-sense approach to assessing and addressing the risks to ePHI on a regular basis … this includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”

The lesson to consider is that no one is safe from hackers and that the importance of patches cannot be overstated.