Good Morning! It’s Patch Tuesday, the day that all IT professionals and business owners half dread, but we know it’s on top of the “to-do” list. Today, Microsoft will release their July 2016 security patches to the IT community.
“So what?” you say. “What does HIPAA have to do with patch management?” HIPAA has critical compliance requirements for the maintenance and storage of private customer health information. Protecting enterprise systems from endpoint vulnerabilities that arise from unpatched applications and software is an important requirement of HIPAA patch compliance.
To maintain HIPAA compliance, you must ensure your systems are patched and maintained. But how often? As a 16-year IT professional myself, I’ve seen it all, from quarterly or monthly patching to yearly patching (which I do not recommend!). Personally, I recommend monthly patching of workstations, servers, and notebooks. So where do I get the list of patches for the month?
Personally, I turn to Microsoft TechNet to get a summary of released patches for the month. Open this page and bookmark it!
There are a lot of great details in these summary bulletins, so take some time to review and see how the new patches will impact your business.
As for Apple OS X, we all know that Apple will not discuss or confirm security issues until a full investigation has occurred. This is very different from the Microsoft “patch it all” approach. But you must stay on top of your OS X computers as well. You can find Apple security bulletins here.
I know testing patches and deploying them can be challenging. ProHIPAA can help you review your patching strategy and create a plan to simplify deploying critical security patches. Contact us today to get your environment secure and compliant.