Automated Patch Management for Endpoints: Ensuring Compliance in Healthcare and Education Sectors
DOI: https://doi.org/10.63530/IJCSITR_2024_05_02_010
Keywords: Patch Management, Compliance, Healthcare IT, HIPAA, FERPA, Automation, Machine Learning
Abstract
Automated patch management has become a critical factor in an organisation's security compliance plan and is perhaps even more essential in sectors such as healthcare and education, which handle sensitive information. In this article, we widen our understanding of patch management and describe an original, general approach to an automated patch management system as a solution for endpoint protection. We highlight the issues of compliance with rules and regulations in healthcare information technology, such as HIPAA (Health Insurance Portability and Accountability Act), and FERPA (Family Educational Rights and Privacy Act). The article also evaluates the practices currently in use, their issues, and why automation is needed to fix them. The proposed model involves patch deployment procedures, ongoing compliance checks and endpoint health checks. This roughly entails the use of machine learning for patch prioritisation and risk analysis. The effectiveness of the proposed approach was shown using practical datasets from both sectors. We determined that we achieved 45% in the assimilation of notable vulnerabilities within the least amount of time and decreased compliance violations by 32%. Finally, potential future work is discussed, including the development of AI-enabled patch testing and the decentralised verification of compliance solutions.
License
Copyright (c) 2023 Anjan Gundaboina (Author)

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.




