Hotfixes and Ransomware

In Ep 304 – Privacy Questions Everywhere of the Help Me with HIPAA podcast, the ‘HIPAA SAY WHATTTTT??’ segment actually addresses the topic of one of my recent blogs. In the blog post, Cover Your Thinning Threads, I review Donna’s and David’s podcast about why you need to stay up to date on patching your software. Our awesome podcast listener, George, made a very good point: in the not-so-long-ago SolarWinds attack, it was the “hotfixes” (aka patches) that were infected. The big question that all IT teams and MSPs grapple with is the timing of installing software and hardware patches. Should it be done immediately? Should they be tested before deploying? Should they be rolled out slowly? George’s team had not applied the hotfixes yet and therefore was not affected by the SolarWinds attack. Sooooo, Donna and David, what about that? It all comes down to this: there is not one blanket statement that will fix everything. Each decision to add, remove, change, or update software should be evaluated. You need to get your IT Team or Managed Service Provider involved and evaluate what the best plan is. Nothing is ever one practice fits all. Thanks, George, for keeping Donna and David on their toes!

In the rest of Ep 304 – Privacy Questions Everywhere, you will hear Donna and David talk about a recent, and ongoing, ransomware attack on Scripps Health and how NOT to handle patient communications on Facebook. Here is a link to the Scripps Health Facebook feed. There are so many examples of what not to do here. But there are very real stories of how ransomware affects everyone and can create a life-and-death situation. Just one example is a lady with a rare brain disorder who needs her medical records sent to another medical practice for further treatment. This lady can’t get them. It is heartbreaking. If you are a provider of care to a community, you have to protect your patients’ information. You have to face the fact that you will be attacked at some point, but the impact can be drastically reduced if you have an incident response plan that addresses not only the incident itself, but also how you will continue to take care of patients and recover from the event. This episode really drives home that “HIPAA is not about compliance, it’s about patient care™.”