Are Your Information Systems Up to Date? Failure to Update Systems Leads to Massive Equifax Breach
Today’s post continues to enforce how important it is to keep your systems fully up to date. It has now been uncovered that the massive data breach at Equifax that exposed confidential data for over 140 million people was accomplished by exploiting a vulnerability that had a patch available for more than two months at the time of the breach. In fact, it was fixed on March 6th. On March 9th it was known and revealed that the vulnerability was under widespread attack by hackers. Unfortunately, Equifax did not heed apply the patch or heed the warning that the exploit was under active attack.
Vulnerabilities and the details of them are often fully explained and documented by the various security companies that search for vulnerabilities very close to the day that a patch is released for it. Some vendors, such as Google, with their Project Zero, only gives vendors 90 days to release patches for reported vulnerabilities before their details are made public. This means they may even release the details, including proof of concept code to exploit the vulnerability, before a patch is available. If it wasn’t bad enough there was a vulnerability that some hackers likely knew about in the first place, now the whole world knows and any hacker can start to work attacking systems.
This fact underscores the importance of keeping your systems up to date and in an extremely timely manner. It is very likely in many cases that some hacker groups are aware of a vulnerability before a security firm discovers it and reports it to the vendor. After all, that is what they do, look for vulnerability so that they can take advantage of them. So, this means that even before the vendor knows someone is probably already using the vulnerability. Once a vulnerability is reported to a vendor they usually work quickly to create an update that will “plug the hole”. That vendor then releases the update and if a system is enrolled in automatic updates users are given the chance to install this update. However, some users do not enroll in automatic updates or leave their computers off during the time updates might be automatically applied. There is some inconvenience involved in applying updates, systems often must be rebooted, it takes time to download the updates, apply them, etc. However, as we can see, failing to do so can have dire consequences as we have seen recently with Equifax. Keep in mind too that healthcare data is prized by hackers, so as a healthcare provider, you are particularly at risk.
HealthWare can help you determine where you vulnerabilities lie and provide solutions to help you protect your confidential information. Visit us www.healthware.com or better still contact us now at https://www.healthware.com/contactus or call us at 850-479-9035 and find out how HealthWare can help you.