Skip to site content
U.S. Department of Health and Human Services
Office of Information Technology (OIT)

Updating Your Software

Image of data flowing into a phone.On June 11, 2020, the IHS Chief Information Officer, Mitch Thornbrugh, sent out a memo, High Value Asset Patching and Reporting [PDF - 293 KB], that stated “The Indian Health Service (IHS) is responsible for ensuring the confidentiality, integrity, and availability of data stored on its information systems and is also required to comply with Department of Homeland Security (DHS) directives. IHS has an obligation to provide appropriate protection against threats such as ransomware, viruses, and other exploitable vulnerabilities. This obligation is especially important for information systems that are considered vital to IHS’ primary mission.” This memo outlined IHS patching requirements for IHS information systems.

Our devices contain a wealth of information about our online activities, personal data, and even our banking and financial information. Regularly updating the software on your devices is one of the easiest and most basic ways to protect yourself from cyber threats.

Update image.Software and operating system updates that address security vulnerabilities or enhance security features within a program or product are known as patches. Some software, most notably operating systems, is programmed to automatically check for and install updates. In this case, a user or administrator must consent to the automatic updates. Once the appropriate person has given that consent, the vendor automatically sends, or “pushes” updates to the approved device. If your software allows automatic updates, the Cybersecurity and Infrastructure Security Agency (CISA) Exit Disclaimer: You Are Leaving www.ihs.gov  recommends that you take advantage of them.

Other software requires “manual” updates. This means that the user or administrator must visit the vendor’s web site to download and install software. If your software does not allow automatic updates or if you have opted out of them, frequently check the vendor’s websites for updates.

Two robots talking.

Make sure that you update software from only trusted vendors and never update any software, including applications, from a link in an email or sent to your device as this may compromise your security. Never download documents claiming to be updates from an email or text message. These frequently contain malicious code that could compromise your security and could even lock you out of your device and hold your information for ransom. For software that doesn’t automatically update, access updates only from a trusted vendor’s web site.

On occasion, a company will discontinue a software product and no longer provide updates for it. This is known as the product’s “end of life.” CISA recommends that users replace any software that has reached its end of life with software that a vendor still provides updates for.

Download button.CISA recommends that you use the following best practices for software updates:

  • Enable automatic software updates whenever possible. This will ensure that you install software updates as quickly as possible.
  • Do not use unsupported end-of-life software.
  • Always visit vendor sites directly rather than clicking on advertisements or email links.
  • Avoid software updates while using untrusted networks.
New vulnerabilities are continually emerging. The most effective measure you can take to protect your computer, phone, and other digital devices is to keep your software up to date.