How Microsoft’s Decision to End Windows XP Support Affects You – HIPAA/HITECH Compliance And More

If you haven’t heard the news yet, Microsoft has announced that it will be ending support for Windows XP and Office 2003 on April 8, 2014. As a result, many organizations that have not made the change to a more current operating system or version of Microsoft Office will find themselves in a sticky situation. If you have not already started migrating to a more modern system, you might be too late. However, there is still some time to get your network onto a supported version of Windows and Office. The time to do something about it is now, before support ends on April 8th.

What Does “End Support” Mean?

There is a lot of confusion as to what it will mean when Microsoft no longer provides support for Windows XP and Office 2003. Support means security: once support ends, Microsoft will no longer produce the security patches and updates that your computer network receives. This effectively makes your network non-compliant with HIPAA/HITECH. Most of these computers are connected directly to the network in order to reach EHR/EMR systems, so simply disconnecting them is not an option.

Another issue is that many of these systems are running old applications that might not be supported on a newer operating system, such as Windows 7 or 8. To be honest, this is why many consumers have not upgraded from Windows XP – it can be hard to let go of some older applications and there isn’t always a viable replacement that will suit your needs. Unfortunately, the non-compliance issue with HIPAA/HITECH is a much greater issue than any proprietary application that won’t work on the new operating system, so it’s time to get smart and figure out how to make the change before April 8th.

Risk Factors of Using Windows XP Without Support

Some organizations have expressed a resolve to stick with Windows XP and Office 2003, despite Microsoft’s announcement that it will withdraw support. It is important that you know the risk factors associated with such a decision and what it could ultimately mean to your organization.

  • Technology: The most common issue that organizations would face, should they decide to keep using an unsupported operating system, is vulnerability. Without security patches being provided to protect your system against known attacks, Windows XP-based systems would be wide open to those attacks, putting the entire organization and all of its data at risk. As you read this, hackers and organized crime groups are working on attacks that they can use against unprotected Windows XP systems. Additionally, using Windows XP will effectively hold your organization back from taking advantage of all the new Intel processors and chip sets that allow for faster wireless networks and other essential improvements.
  • Corporate Liability: Because your Windows XP network would be left open to attack, which could result in an APT attack or data breach, there are potential legal issues and corporate liabilities to consider. Certain non-compliance penalties apply in 46 states, including right here in Massachusetts, with each requiring due diligence in an organization’s protection of private information. Any breach that could be traced to use of a Windows XP system after security support has been withdrawn would violate these data privacy laws. Continuing to use Windows XP, with Microsoft’s decision to withdraw support being common knowledge, would hinder your organization’s ability to claim due diligence if such a breach were to occur.
  • Cost: The bottom line in this situation, and what typically affects every decision an organization is forced to make these days, is cost. Despite all of the other very important reasons to upgrade your network to Windows 7 or 8, the cost associated with deciding against an upgrade could be substantial. A recent privacy breach that was covered under HIPAA compliance requirements at Idaho State University cost $400,000 to settle, and the additional cost associated with notifying all of those impacted cost another estimated $200,000. This is not even counting the public relations costs that are required to overcome such a hit to an organization’s reputation and standing in the community.

It Is Time to Make a Change

While making the upgrade from Windows XP to Windows 7 or 8 can be very costly, depending on how many computers in your network need to be upgraded, the costs and risks associated with continuing to administer, manage and support an XP system are much greater. The time is now to get started developing a plan to get the migration process moving in order to meet the April 8th deadline. Time is running out, but if you act now and begin to put a plan in place to retire your old Windows XP machines, you will be able to keep your organization protected and remain in compliance with the Massachusetts Data Privacy Law.

Integra Network Services can help you come up with a plan that will make the transition to a more secure operating system and improve the security and performance of your IT infrastructure. Our team can provide you with a full report on the computers in your network that are running Windows XP and give detailed information on replacement computers, installation and everything you will need to overcome this unfortunate situation. To find out more about Integra Network Services and the solutions available for organizations that need to migrate from Windows XP to Windows 7 or 8, give us a call at 508-482-5510 to reach us at our Milford, Massachusetts location.