On January 14, 2020, Windows 7 support will be terminated!

Windows 7 is an obsolete operating system that has not seen any substantial enhancements in over 3 years because Microsoft Mainstream Support ended in January 2015. In a few short months, Extended Support will be terminated by Microsoft for Windows 7 Operating Systems.

What does this mean?

No more bug or security patches! We’ve all seen in recent years that cyber threats have increased exponentially being more sophisticated and devastating, and this trend will continue. Current operating systems supported by Microsoft now receive security patches weekly. Industry experts state that Windows 7 architecture obviously does not meet today’s security standards and therefore twice as likely to experience a breach as Windows 10. So, if you plan to run systems on Windows 7 beyond January 14th, 2020, what is the bottom line? Your organization is vulnerable and liable!

Mitigate your risk now to reduce your liabilities.

Choosing to remain on an unsupported operating system because a strategic software application is not compatible with current operating systems, or any other reason, requires a business impact analysis. The analysis must include realistic estimates for substantial breach including business disruption due to ransomware, theft of PHI, damaged reputation, and loss of business partners. If the decision is made to utilize the obsolete operating system, a realistic migration plan must be developed and adopted to eliminate the obsolete operating systems as quickly as possible. Additional security measures must be implemented to protect, segment and isolate the obsolete systems from the organizations other systems and networks. Also consider your organization’s contractual obligations with other Covered Entities and Business Associates; those who provide or receive PHI from your organization.

Breaches have profound and rapid ripple effects that can severely damage other organizations in our Internet connected world. The liabilities for contractual obligations can be substantial, and businesses today have little tolerance for partners who are breached.

Non-Compliance of Windows 7 after January 14, 2020

HIPAA regulations do not prescribe specific requirements to be compliant such as the length and complexity of passwords, as it was recognized that technology will advance and improve, and should be incorporated to protect patient’s PHI. Utilizing an unsupported operating system in today’s environment is recognized as an extremely high risk , non-compliant, and substantial liability to your organization.

 

Non-compliance affects all state and national security standards including

HIPAA, CCPA, CIS-20 and NYDFS.

Act now to plan and eliminate Windows 7 operating system to reduce your liabilities.

Click here to view this alert in PDF format.