$150K Fine for Unpatched Software: Don’t Let This Happen to YOUR Healthcare Organization
It’s not every day where you see a $150,000 US fine slapped onto a non-profit organization because of software not being patched. Truth is, they were two years overdue on their updates. This isn’t something to take lightly, it affects 2,700 individuals.
Anchorage Community Mental Health Services (ACMHS) failed to take basic risk assessment and, in March, 2012, was infected with malware. This malware compromised the systems of mental health providers, specifically their information technology resources. This could have been prevented if they followed a policy they adopted in 2005. Affecting that big of a population calls for action, that of which they did not take. Now, the ACMHS is being fined for a large sum because they did not take action.
What Prevention Methods Should They Have Taken
It is actually a simple fix, abide by policy and update your systems.Susan A. Miller, an independent HIPAA and healthcare attorney, stated “This is a wake-up call that people should be looking very closely at the security risk assessment tools available from ONC and OCR, as well as NIST [National Institute of Standards and Technology].” She goes on to state “the lesson here is that when a software patch or update is sent by a vendor, they should be applied immediately.”
About Managing Risk
If managing all risks were simple, we wouldn’t have policies in place to abide by. Miller makes a great point by noting all patches should be applied and that technology security should be looked at regularly. Networks and servers also have security issues that need to take looked at. Some can happen because of employees.
Along with the fine, ACMHS is also advised to train all employees on proper security procedures and practices, within the facility. This isn’t the first case, other problems have come across major health institutions in the past.
What You Can Take from This
Monitoring your network is always a priority, but it doesn’t mean you have the time to manage it. Managing a network is the same as managing a business; keeping up to date, employees notified, on top of threats and analyzing data. Here are some actions you can take:
Update all software – operating systems and programs can all have dangerous holes that need patching.
Update firmware – software, but for your computer’s hardware, there is more than one way to get through a system.
Backup all your information – security threats don’t always give you access to your data, having it in a safe place helps.
Create an employee policy – employees bring electronics to work that can compromise your system.
Get an IT support company on your side – focus on your company so you don’t have to worry about client information being stolen or viewed.
Don’t know where to go? Go with someone that has experience with healthcare organizations. Give us a call at (919) 424-2000 or email us at firstname.lastname@example.org. CSP, Inc, keeping disasters at bay while keeping your information safe.
Always at your service to provide the highest level of quality support to our customers.
Anthony Firth Client Engineer
“I’m passionate about building and fostering relationships, and finding solutions for success.”
Michael Koenig Client Account Manager
“I help clients stabilize and grow their IT infrastructure so they can focus on growing their core business.”
Josh Wilshire Systems Engineer Team Lead
“I strive to provide the highest level of quality service to our customers.”
Tommy Williams Sr. Hardware Engineer
“I’m driven by the steadfast belief that technology must serve as a business enabler. This mantra has driven 21
Years of successful partnerships.”
Stephen Riddick VP Sales & Marketing
“CSP doesn’t succeed unless your company succeeds.”
Stephen Allen Inventory Manager
“Through my intuition and genuine concern to help others I have built long-lasting relationships with our customers, co-workers and business partners.”
Scott Forbes VP Support Services
“Every day, I work with clients to help plan the future of their businesses.”
Michael Bowman vCIO
“Your IT problems become our IT solutions.”
Mark McLemore Project Engineer
“Managing internal and external operations to ensure that CSP provides quality and reliable customer service .”
Margie Figueroa Business Manager
“Providing quality internal and externals financial support to our customers and accounting support to CSP.”
Katie Steiglitz Accounting Administrator
“Some call me the CEO. I call myself the Cheerleader for an awesome team!”
William B. Riddick Founder & CEO
“CSP is here to assist you with your IT needs.”
Beth Wylie Inside Sales Manager
Thinking ofHiring A New IT Company?
On What Questions You Need To Ask Before Signing Any Agreement.