Upgrading software is a pain! Updates seem to pop up at the most inopportune time. You have to budget time to download the patch and then your system is out of commission for 30 minutes to an hour, and what do you get? Another patch.
How important are those patches anyway? Well, if a software company has taken the time to send you a security patch, it’s pretty important. This means someone found a vulnerability in their program, and your server or workstation is a sitting duck.
We know how you feel – if it ain’t broke, don’t fix it – especially when it comes to your software. Upgrade one thing and it all comes down like a house of cards. But, in this instance, it is VERY important for your HIPAA security that you upgrade to the latest version of Internet Explorer, NOW!
Why is Microsoft Discontinuing Support for Internet Explorer?
With Microsoft 10’s release, they have completely redesigned their browser platform and moved to Microsoft Edge. With this change, Microsoft announced that as of January 12, 2016, “Only the most current version of Internet Explorer available for a supported operating system will receive technical supports and security updates.” They explained that, “Internet Explorer 11 is the last version of Internet Explorer, and will continue to receive security updates, compatibility fixes, and technical support on Windows 7, Windows 8.1, and Windows 10.”
What Does That Mean?
This means that everyone needs to upgrade to Internet Explorer 11, Microsoft Edge or another browser as soon as possible. If you are using an earlier version of Internet Explorer, you are NOT HIPAA compliant, and your devices are now a major security risk. Software updates and patches are an important part of HIPAA compliance, and should not be taken lightly!
HHS recently fined Anchorage Community Mental Health Services $150,000 for failing to patch software on their systems. It was discovered they were “running outdated and unsupported software,” and exposed over 2,700 individuals’ PHI.
“Successful HIPAA compliance requires a common sense approach to assessing and addressing the risks to ePHI on a regular basis,” said OCR Director Jocelyn Samuels. “This includes reviewing systems for unpatched vulnerabilities and unsupported software that can leave patient information susceptible to malware and other risks.”1
What Should I Do?
The first step is to check to see which version of Internet Explorer you are using. Here’s how to check:
- Open Internet Explorer
- Press ALT + H
- Click- About Internet Explorer
If if you are using a version of Internet Explorer other than 11, it’s time to upgrade posthaste! Talk to your IT professional before you upgrade your devices. Upgrading can be tricky for some folks, especially if you have lots of plugins activated for Internet Explorer. Old plugins aren’t always compatible with Internet Explorer 11, and can break that application.
What About Automatic Updates
The most popular web browsers (Firefox, Chrome, Safari), including Internet Explorer can easily be configured to automatically update. Go to the Settings Menu on your browser, and select Automatic Updates. Make sure you talk to your IT professional before you set this up. They may want to review configurations before they allow you to push these updates.
How to Stay on Top of Security Updates
Staying on top of security updates of all kinds is crucial! This is not only for HIPAA Compliance, but is a best business practice.
HIPAA requires you to have a Risk Assessment and document how you are going to address vulnerabilities, like software patching; therefore, you are required to have a documented Software Updating Plan that is clearly communicated to your staff. Some of the questions you will be answering are:
- Who is responsible for updating software?
- How often do you check for updates?
- How soon are updates required to be installed?
- Do you periodically audit devices to make sure they are up-to-date?
Need help performing a Risk Assessment and creating Security Policies and Procedures that contain a software updating plan? Contact us for more information.