Do you have one of the approximately one million Windows computers that are at risk to the Blue Keep vulnerability, which could lead to a HIPAA data breach?
The Blue Keep vulnerability has been known for months, and Microsoft has issued a security update to patch this vulnerability in the Remote Desktop Protocol (RDP) for Windows XP, Windows 7, Windows Server 2003, and Windows Server 2008. If you are running any of these operating systems and haven’t installed the security update that was released by Microsoft on May 19, 2019, you are vulnerable to a Blue Keep exploit.
Several security researchers have warned that exploits using the Blue Keep vulnerability are expected at any time because workable exploits and detailed instructions on how to produce them have been published on the internet. That means that criminals now have the code to exploit the Blue Keep vulnerability to hack into computers that have not been updated, leading to potential HIPAA data breaches, such as ransomware attacks.
"Install the latest Windows security updates." It's a task on each of our clients' monthly HIPAA Security Risk Management checklist for servers, desktops, and laptops. That’s because it is one of the most effective ways to reduce the likelihood of malware, ransomware, and other malicious attacks on your computers. Failure to install security updates can lead to HIPAA violations and penalties – one covered entity paid $150,000 because of a breach that could have been prevented if security updates had been installed.
Remember, HIPAA Security isn’t limited to a one-a-year audit and staff training; compliance requires continuous evaluation of threats and security measures through the implementation of an ongoing risk management plan.