Looking for a Business Associate Agreement? Download our FREE starter template.
Total HIPAA Logo

Your Unpatched Software Is Making You a Target

Remember hearing about Spectre and Meltdown in late 2017? They were the software flaws that affected almost all 2008 and newer processors, affecting millions of devices. The flaws themselves were in the processor chips, which allowed hackers to gain access to parts of computers’ memory. Will computer systems ever be rid of bugs? Probably not, but you can stop those flaws from affecting your system if you make patching a priority and are diligent in your patching process.

Patching your software is so important, in fact, that the Health and Human Services Office for Civil Rights (HHS OCR) recently published an entire newsletter regarding software vulnerabilities and patching. What makes patching so difficult for companies? Let’s take a look at patching woes and what you can do to streamline your patching process. The patient information you’re legally bound to protect is worth it.

What Makes Patching So Hard?


What makes patching so difficult? Like many things, patching takes time. You have to take time out of your already busy schedule to fix something that hasn’t yet caused you a problem. For many, the sheer “out of sight, out of mind” and “if it’s not broken, then don’t fix it” mindsets are enough to push patching to the bottom of your “to do” list.


One individual operating system or software application may have hundreds of new vulnerabilities each year, each of which needs to be patched. Add to that the fact that almost every program has a different patching method, and you can quickly get overwhelmed.


Patching goes hand in hand with stopping and restarting the software, and sometimes includes completely rebooting your system. To most, the thought of being “down” for any amount of time can affect client care and, ultimately, your bottom line. It’s no wonder that one of the biggest deterrents of patching is the sheer complexity and potential downtime of applying patches on systems that cannot easily be taken offline because of the information they store. Any group that regularly uses software 24×7 and contains patient information must take great care when deciding when to install patches. For many, that time never comes. To add to the issue, many software applications have auto-update mechanisms, but administrators and users often disable or ignore auto-update routines to avoid service interruptions or other unintended consequences.

Then there’s the interruption in workflow once a patch is installed. Will the patch affect employees’ work processes and negatively affect the office routine?

With the amount of time it takes to install patches, the potential number of patches, and the downtime patching can create, is patching worth it? The short answer? Yes. Why? In a nutshell, these small, painstaking sacrifices pale in comparison to the damage that a virus or malware could do to your business.

Your Patching Plan

Make patching a part of your regular business plan, and it won’t be as overwhelming. Consider following these steps offered by HHS OCR to make applying patches more manageable.

    1. Evaluate patches – does the patch apply to your software/systems?
    1. Test patches – if you can, test patches on an isolated system to determine if there are any unforeseen or unwanted side effects, such as applications not functioning properly or system instability.
    1. Approve patches – Once patches have been evaluated and tested, approve them for deployment.
    1. Deploy patches – schedule patches to be installed on live or production systems.
  1. Verify and Test patches – after deployment, continue to test and audit systems to ensure that the patches created no unwanted side effects.

Yes, patching takes time and can be a nuisance. But think of it like going to your yearly physical with your doctor. Just as it can do for you, preventive care can extend and secure the life of your company before something catastrophic hits.

Sharing is caring!


Looking for a Business Associate Agreement?

Download our free template to get started on your path toward HIPAA compliance.

Download Now

Let's keep in touch

Stay up to date on the latest HIPAA news, plus receive tons of free tools and info.

Navigating HIPAA Compliance in 2023

Watch the recording of this webinar to learn more about how you can become and stay HIPAA compliant!


Related Posts

What is Access Control in terms of HIPAA?

What is Access Control in terms of HIPAA?

Access control, in terms of cybersecurity, refers to the practice of managing and regulating who can access specific resources, systems, or data within an organization's network or information...

Comparing HIPAA and NIST

Comparing HIPAA and NIST

In the ever-evolving landscape of data security and privacy, two key frameworks have emerged as significant players: HIPAA and NIST. Both emphasize the importance of safeguarding sensitive...

Save & Share Cart
Your Shopping Cart will be saved and you'll be given a link. You, or anyone with the link, can use it to retrieve your Cart at any time.
Back Save & Share Cart
Your Shopping Cart will be saved with Product pictures and information, and Cart Totals. Then send it to yourself, or a friend, with a link to retrieve it at any time.
Your cart email sent successfully :)