December 5, 2018
The New HIPAA Risk: “Failure to Patch”
One more thing to worry about: with so much emphasis on new initiatives like ACOs, big data, MU, etc., it is easy to lose sight of the ‘old’. However, based on the first major fine levied as a HIPAA violation for ‘failure to patch’ and ‘running outdated, unsupported software’, it is essential to have a firm grasp on the inventory of legacy platforms and systems that make up your infrastructure. The exposure of operating systems and appliances that are not updated, or worse, that are no longer supported, is fast becoming a recurring theme on annual risk assessments.
A perfect example is the July 14, 2015 End-of-Life (EOL) for Microsoft Windows Server 2003. If you’re wondering what the EOL means for you, the bottom line is this: if you still have Server 2003 running within your datacenter after this date, you will no longer receive any patches or security updates, putting your applications and business at risk. New threats won’t be addressed, and your Server 2003 estate will become a security risk and a compliance nightmare.