HIPAA technical safeguards

Microsoft Is Retiring RC4 Encryption in Kerberos: What Rural Hospital IT Teams Need to Know

If your organization runs on-premises Active Directory (and most rural health care organizations still do), there is a change coming in April 2026 that could break authentication across your environment if you have not prepared for it. Microsoft is retiring RC4 as the default fallback encryption for Kerberos ticket issuance on domain controllers. For environments that have been quietly relying on this decades-old fallback without realizing it, the April cumulative update will disable it by default.

Software Patching as a HIPAA Requirement: A Guide to OCR's Expectations for Software Updates

Executive Summary

While the HIPAA Security Rule does not explicitly mention "software patching" or "updates," the HHS Office for Civil Rights (OCR) has established through enforcement actions that maintaining current, supported software is a required component of HIPAA compliance. The 2014 Anchorage Community Mental Health Services (ACMHS) settlement serves as the definitive precedent, with OCR explicitly citing the failure to apply patches as a Security Rule violation resulting in a $150,000 penalty.
