Nine critical updates this month; check the Microsoft Security Bulletin for details of September’s Patch Tuesday.
Ready to Patch?
Start -> All Programs -> Windows Update -> Check for updates
Then follow the on-screen instructions.
Customers are advised to follow these security best practices:
- Install vendor patches as soon as they are available; remember to test the patches in a non-production environment first.
- Run all software with the least privileges required while still maintaining functionality.
- Avoid handling files from unknown or questionable sources.
- Never visit sites of unknown or questionable integrity.
- Block external access at the network perimeter to all key systems unless specific access is required.
Not just Security – Compliance & Conformance…
WHY HIPAA & PATCH MANAGEMENT?
HIPAA has critical compliance requirements towards maintenance and storage of private customer health information. Protecting enterprise systems from endpoint vulnerabilities that arise from unpatched applications and software is an important requirement of HIPAA patch compliance.
164.308(a)(5)(ii)(B) – Protection from Malicious Software
A.12.6.1 Management of technical vulnerabilities
Information about technical vulnerabilities of information systems being used shall be obtained in a timely fashion, the organization’s exposure to such vulnerabilities evaluated and appropriate measures taken to address the associated risk.
Candidate must demonstrate that configuration standards are in place that include patch management for systems which store, transmit, or access Electronic PHI, including workstations.
Deploy automated patch management tools and software update tools for operating system and software/applications on all systems for which such tools are available and safe. Patches should be applied to all systems, even systems that are properly air gapped. (See also CSC 4-7, CSC 4-8, CSC 4-9, CSC 4-10)
Changes shall be managed through a change management process for all vendor-supplied patches, configuration changes, or changes to the organization’s internally developed software.
Training solutions include the gold standard HIPAA credential, Certified HIPAA Professional (CHP) and our world’s first compliance and cyber security credential, Certified Security Compliance Specialist (CSCS).
ecfirst is a HITRUST Authorized CSF Assessor.
Many clients engage ecfirst extensively for the flexible services that range from on-demand consulting to its managed compliance services programs that covers training, policies, remediation, risk assessment, technical vulnerability assessments penetration testing and much more.