What Does Microsoft 'End of Life Support' mean for your Healthcare organization?
In order to comply with Health Insurance Portability and Accountability Act (HIPAA) regulations it is critical that Healthcare organizations use appropriate measures to keep any personal and medical information of employees and patients safe and secured. Healthcare organizations face many potential security threats to the electronic patients records that they maintain regardless of where these records are stored (in-house or hosted offsite).
The best way to identify possible security vulnerabilities is to conduct a risk assessment on all your information technology systems that touch electronic Protected Health Information (ePHI) on a regular basis, which includes verifying software versions and patches with the latest supported by your vendor of choice. Software that runs information technology systems can become outdated quickly and needs to be updated periodically to ensure they function as intended. As vulnerabilities are discovered, patches and updates are made available by their developers. It is critical that these patches and updates are downloaded and installed to ensure that the information technology systems continue to be protected against known vulnerabilities.
Based on the HIPAA Security Rule, when these systems are no longer supported by their vendors, they become open to new threats, vulnerable to cyber-attacks, and are no longer acceptable to HIPAA policies. Non-patched systems, according to HHS’ Office for Civil Rights, violates the HIPAA Security Rule, because it leaves these systems vulnerable to threats and attacks because they are no longer supported. Identifying and mitigating the risks these unpatched systems pose to ePHI is important to ensure the protection of ePHI and in fulfilling HIPAA requirements.
By failing to upgrade your systems once they go out of support, healthcare organizations run the risk of creating major compatibility issues, delays in scheduling software upgrades, costly data breaches resulting from security vulnerabilities, and data loss.
If your organization uses Microsoft SQL Server 2008/2008R2, Windows Server 2008/2008R2, and/or Windows 7, the end of life support from Microsoft has either passed or is coming very soon.
- Windows SQL Server 2008 - Support ended July 9, 2019
- Windows Server 2008 - Support ends January 14, 2020
- Windows 7 - Support ends January 14, 2020
In order to ensure that your software receives security updates from Microsoft, it is crucial that you upgrade your systems to a version that is supported by Microsoft. If you have any questions regarding system compatibilities, please contact us at email@example.com
Tom “IT Tom” Brawley
Director of Technology/Compliance Officer