risk for failing deadline

Windows 7 is Not HIPAA Compliant

You can avoid falling off this cliff if you act now. If you’re still using Windows 7 it’s time to upgrade to Windows 10 – and no, this is not sponsored advertising!

You need an upgrade to stay compliant with HIPAA.

On January 14, 2020 – 35 days from today, Windows 7 reaches the end of its life. This means that Microsoft will no longer provide the following:

  • Technical support for any issues
  • Software updates
  • Security updates or fixes

Your computer will run, but it is vulnerable to malware and viruses, and in healthcare, you will no longer be HIPAA compliant. If you have Windows 7 at home, it’s a good time to upgrade – malware and viruses cause damage at home too.

Cybercrime Hits Outdated Software Hard

Having outdated software is an invitation to criminals. It sounds harsh but it’s true. If your software is out of date, this should be a top budget priority to prevent catastrophic losses and HIPAA breaches.

One of the largest worldwide cyber attacks occurred in 2017 – called WannaCry. The hackers broke into businesses all over the world, and one of their targets was healthcare institutions. In the U.K., the criminals entered relatively easily because the British National Health Service (NHS) was using Windows XP (out of service since 2014) which was unpatched and vulnerable. In the U.S., large hospitals, manufacturers, educational institutions and governments were hit. Shockingly, even today, the NHS admits they still have not converted all their computers to Windows 10 – the plan is to have it completed by April 2020, four months after support for Windows 7 expires.

Windows 7 is Still Running on Lots of U.S. Government Computers

Too many organizations still do not prioritize cybersecurity. In June, 2019 a report from a Senate subcommittee on security revealed that computers in federal agencies like the Departments of Homeland Security, Transportation, the Internal Revenue Service and the Social Security Administration, among others are running out-of-date software and therefore are at risk.

Healthcare Organizations Have Added Risks with Windows 7

A surprising number of healthcare organizations still use Windows 7. It may be for budget reasons, time constraints or simple lack of knowledge. But the cost of an upgrade is tiny compared to the cost and disruption of a cyber attack.

WannaCry isn’t over – it still circulates. In June, 2019 a report revealed that 40% of healthcare organizations and 60% of manufacturers were hit by WannaCry during the preceding six months.

Although many organizations remain vulnerable, all covered entities and business associates are required to comply with HIPAA. Using outdated software that you are unable to patch is a HIPAA violation.

Even if your software is still being serviced, when the software provider, like Microsoft or Apple, sends you updates and patches you need to install them right away to maintain cyber protection and reduce your risks.

Cyber attacks are on the rise and hackers are creative – while it may be impossible to prevent all intrusions, simple steps can greatly reduce the risks. And it’s required by HIPAA.

You should also have strong anti-malware and anti-virus protection on all of your devices, and have a system for daily redundant backups of your data. The best defense against ransomware are electronic backups, out of reach, unconnected to your IT infrastructure.

Follow The HIPAA E-Tool® for Help with HIPAA

If you’re speeding toward a cliff you should change course.

The Risk Analysis and Risk Management plan, like the one in The HIPAA E-Tool® provides a safe alternative. It lays out the steps to prepare and reduce the likelihood of a successful cyber attack. Then, if one happens, how to manage it to get back in business.

And answers from experts are a click or phone call away.

The HIPAA E-Tool® makes compliance fast and easy. Get your free HIPAA Quick Start Kit, complete with a webcam privacy guard, HIPAA Hot Zone labels and a HIPAA checklist delivered directly to your office.

Share This Post

Share on facebook
Share on twitter
Share on linkedin

Maggie Hales

Maggie Hales is a lawyer specializing in health information privacy and security. As CEO of ET&C Group LLC she advises health care providers and business associates in 36 states, Canada, Egypt, India and the EU, using The HIPAA E-Tool® to deliver up to date policies, forms and training on everything related to HIPAA compliance.

Copyright © 2020 ET&C Group LLC.

The HIPAA E-Tool® and Protecting Patient Privacy is Our Job®
are registered trademarks of ET&C Group LLC

3534 Washington Avenue, Saint Louis, MO 63103
Terms of Service | Privacy Policy

Powered by JEMSU

You may have questions about COVID-19 and HIPAA. We have answers. 

We are open and answering questions about all the new modifications and waivers, coming from HHS, OCR, CMS, and the new CARES act.

If you need help with HIPAA during the COVID-19 pandemic, fill in the form, and we’ll get back to you.

Free hipaa kit!

hipaa compliance Quick start kit
Delivered free