by  Volodymyr Yelchev

Patch Management: Healthcare’s Ransomware Vaccine

clock-icon-white  3 min read

Think of patch management as a vaccine—updating patches to your systems increases your immunity to ransomware hacks.

By contrast, unpatched systems born out of obsolete patch management systems are a cyber attacker’s dream. Outdated software leaves holes through which greedy hackers can slip through to reach sensitive data and hold your systems hostage. As a reference point, the Equifax data breach—the ransomware attack that leaked the PII of 143 million people back in May—was caused by an unpatched version of Apache Struts.

download pdf

And WannaCry? Numerous machines at the UK National Health Service were running on Windows XP, a system Microsoft hasn’t supported in years. Though Windows quickly issued specific security patches after the security breach, this sort of action cannot be taken for granted.

To be sure, patch management is a complex process and isn’t easy. Scheduling updates on your personal laptop is easy enough, but finding vulnerabilities in the sprawling systems that house healthcare data is another thing entirely.

In fact, one of the reasons that healthcare organizations are so vulnerable to unpatched attacks is a result of systems running on various versions of software throughout the business. And while this certainly isn’t unusual for the industry, if the s ystems aren’t standardized to the same OS and application software then they become more susceptible to vulnerability.

Add these intricacies to the costs of updating systems and the in-house expertise to perform them and it’s no wonder why healthcare businesses do not have comprehensive patch strategies in place.

But according to the 2017 Ponemon Cost of Data Breach Study, healthcare data breaches cost organizations $380 per record—more than 2.5 times the global average of $141 per record throughout other industries.


Comparatively, patch management reduces the risk of data theft, data loss, and even legal penalties—not to mention patient trust and loyalty. And the benefits don’t stop there: An efficient system can come with performance improvements to products they apply to, frees up your IT staff to do other important tasks, and ensures compliancy with regulatory standards.

For healthcare organizations, part of the patch management process includes assessing how different patches interact, and that different patches don’t affect the operability of your business.

At SoftServe, we rely on our security experts to give our clients the best and most current defense against ransomware attacks.

Our core group of security experts includes Certified Ethical Hackers and PhDs in security-related fields. We give your organization the tools to better manage their security risks through patch management, security assessmen ts, penetration testing, security awareness training, and more. And we make it our mission to know as much or more about exploiting security vulnerabilities as criminal hackers.

Learn more about preventing ransomware attacks in our latest white paper, “The Cure for Ransomware Attacks on Healthcare.”

download pdf