February Best Practice: Updates and Patches

One of the first building blocks of any security plan is to implement regular, managed updates on all computers in a network. These updates can be both scheduled Operating System (OS) updates or security patches that are released as needed. OS updates often include quality of life improvements, greater functionality, or fixes for known bugs. Security patches, on the other hand, are often reactively published in response to a vulnerability being discovered. These may be discovered by in-house security teams – the good guys – or by malicious hackers.

What happens if you don’t manage the regular installation of these updates? Your computers may not work as well as they could, as they’ll be missing out on new improvements to the software. But the true danger lies in bad actors who can take advantage of discovered vulnerabilities – often released by the OS developer themselves shortly AFTER they have been patched. Once a fix has gone out to close a loophole, it’s a race for the bad guys to find a way to exploit it and try to infect systems BEFORE the vital security patch has been installed.

A stark example of this is found in the WannaCry attack of 2017. This ransomware attack took advantage of a vulnerability that had already been patched by Microsoft two months earlier. However, the virus was able to infect machines that had either never installed the update or were so old they were past their end of life and were no longer receiving these vital security updates. One system that was affected was the United Kingdom’s National Health Service. This attack forced hospitals to turn away patients and re-rout ambulances. It was found that many of the affected hospitals were still running Windows XP, an OS well past its end of life at the time.

With cyber attacks on the rise, every medical practice must manage the updates and patches on all computers in their network. Healthcare Technology Advisors can make it easy with our Cyber Security offering. Call (314)312-4701 today to learn more.