With each patient interaction, hospitals and healthcare providers amass sensitive patient data. Every software and hardware tool used to handle and store these data represents a potential path for hackers to infiltrate a system. This article explains how a “patch” or “fix” helps keep systems up to date to meet cybersecurity standards and HIPAA requirements.
Understanding the constant need for patching
Even when starting with new equipment and software, everything—such as a mobile device, computer program, or server—will eventually need to be patched. These patches are installed to:
- Add features: New or improved features are often released as part of a software’s lifecycle.
- Fix issues or bugs: After a piece of software is installed, or an update is applied, new bugs may be identified and fixed with a patch.
- Receive support: Tech support staff will typically ask about a product’s version and latest patch level before providing help. Often, an issue experienced by end users may have already been addressed in a previous patch.
- Improve cybersecurity: A security patch can address critical vulnerabilities in a product or program, to either fix current gaps or proactively update a system before a planned software update.
Planning ahead for patching
In a healthcare setting, any out-of-date device or system may be vulnerable to hacking or other external threats. Given that healthcare institutions have recently been targeted in many ways (e.g., ransomware attacks), it’s important to have a thorough patching plan to cut off any potential pathways for hacking. A patching plan should include several considerations, such as:
- Application management: Can the patch be successfully installed on all devices and, if so, will it require any downtime that may impact patients or patient-facing clinicians?
- Network segmentation: If a system is near end of life, can it be patched? If it cannot be patched, should the network be segmented to minimize risk, or can the system be retired?
- Priority categorization: How critical is the patch? Should it be installed immediately, or can it wait? If installing multiple patches, which one should be installed first?
- Compatibility and early adoption testing: How should the patch be assessed to ensure it doesn’t cause unintended issues at a healthcare facility? Will the patch cause any compatibility issues between connected systems?
Managing applications and protecting patient information
Considering the number of devices and programs used in a healthcare facility and the efforts required for their ongoing maintenance through patching, IT teams should also understand the benefits of avoiding “application overload” as discussed in our article on application rationalization. By streamlining the number of applications and devices and keeping them patched, a hospital IT team or a managed service provider (MSP) can increase their safeguards to protect patient information.
Understand your current—or potential—vulnerabilities with your software and hardware systems. Contact the Pixel Health team to learn more about our application rationalization process and HIPAA assessments.