Healthcare organizations still using Windows 7 and Windows 2008 only have a few days to upgrade the operating systems before Microsoft stops providing support. Support for both operating systems will come to an end on January 14, 2020.
From January 14, 2020, no more patches and updates will be released by Microsoft, so the operating system will potentially be vulnerable to attack. Cyberattacks are unlikely to start the second support is stopped, but any vulnerabilities in the operating system discovered after January 14 will remain unaddressed. Exploits could therefore be developed for Windows 7 flaws, and through those compromised devices, attacks could be launched on other devices on the network. As the number of vulnerabilities grows, the risk of a cyberattack will increase.
According to Forescout, the healthcare industry has the largest percentage of Windows 7 devices of any industry. A report earlier this year suggested 56% of healthcare organizations are still using Windows 7 on at least some devices and 10% of devices used by healthcare organizations are running Windows 7 or modified versions of the operating system. It has been estimated that approximately 70% of all IoT and medical devices will still be using Windows 7 or other unsupported operating systems by January 14, 2020.
The continued use of unsupported operating systems is a violation of HIPAA. If a vulnerability in Windows 7 is exploited after the January 14 deadline and protected health information is exposed, healthcare organizations could face a regulatory fine.
Healthcare organizations unable to upgrade before January 14 have one option available. Microsoft will continue to offer extended security updates to enterprise Windows 7 users for an annual per-device fee. Extended support will be costly. Microsoft will be charging $25 per device in 2020, $50 per device in 2021, and $100 per device in 2022. Extended security updates for fee-paying enterprises will come to an end in January 2023.