Our IT handles that…

This is a phrase we hear almost every day, but all too often our cybersecurity scan results show a different reality. What we’re talking about are software updates, specifically lately Windows updates. Every Tuesday, Microsoft releases Windows updates and patches. Known as patch Tuesday, these patches range from small and minor to 50+ patches, some of which address active exploits. an active exploit is a vulnerability that is known to be being used in cybersecurity attacks. Missing these patches means your machines and your networks are vulnerable. In fact, just a few weeks ago one series of Microsoft patches addressed an exploit that allowed hackers to take complete control of your computer and ultimately your network. Ensuring your computers are patched is not only an essential cybersecurity necessity, but it’s also a HIPAA requirement. It’s your responsibility to see that this is done, not your IT company. 

Sure, most IT companies are on top of these updates. Many of them run them automatically and can look at a dashboard to see which computers are updated and which ones aren’t, but not all of them operate like that. Even those who do often delay implementing patches for days or weeks while those patches are testing against other software applications you may use that may cause a conflict. If you’re a client who calls your IT only when something breaks (aka a break/fix relationship), they’re likely not monitoring this at all. Regardless of why it may not be getting done promptly, or at all, it’s going to be your butt in the fire. 

To address this frequent gap, we recommend you check the updates yourself at least weekly. It’s simple to do, click Start, click Settings, click Update & Security, and click the button that says “check for updates”. If it shows you have needed updates, either run them or check with your IT. This, and checking that your antivirus is up to date should be a daily ritual for you, at the very least weekly. It only takes seconds to check and can help to prevent one of the leading causes of cyberattacks.

For the past several years the United States has been the most generous country in history. We’ve given billions of dollars to hackers around the world, and we seem intent on keeping up the pace. Before you become a hacker’s benefactor, you should invest in your security. It really doesn’t just happen to the other guy. 

Be safe and click smart. Thanks for reading.

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.