HIPAA Journal: “Patch and Update Computer Software or Face a HIPAA Sanction”
From November 2019
A reminder to all customers and people working in the medical field: failure to apply security patches is a violation of HIPAA. This applies to all technology storing or transmitting PHI. If no more patches are being issued on a piece of software or operating system you are using, according to HIPAA guidelines, “it must be upgraded or changed. Using outdated software is also a HIPAA violation.”
Unpatched software has already led one medical non-profit, Anchorage Community Mental Health Services to pay $150,000 in a settlement due to 2700 individuals having their data exposed. Though this case was settled in 2014, it remains relevant today as a reminder to be up to date on your software.
For more information, see the full HIPAA Journal article.