HIPAA and the End of Windows 7
Back in January, Windows 7 reached end-of-life. This doesn’t cause your Windows 7 computer to stop working. However, without support and updates, Windows 7 will slowly, but surely, accumulate unpatched security holes. Any software that can no longer be updated is by default HIPAA non-compliant, and that includes any computer still running Windows 7.
Windows 7: The End.
On January 14, 2020, Microsoft ended support for Windows 7. This means that Windows 7 will no longer receive the critical security upgrades it needs to be resistant to cyberattacks. While it is still early days and your Windows 7 installs are still relatively secure, as time goes on this will no longer be the case. Make no mistake: if you’re still using Windows 7 (and you’re connected to the Internet), it’s not a matter of if you will be hacked, but of when.
What Does Windows 7 EOL Mean for HIPAA?
HIPAA (Health Insurance Portability and Accountability Act) states that all software used by organizations bound by it must remain current and updated by the software vendor. This is because software which isn’t updated is vulnerable to being exploited by hackers, compromising any systems which have it installed. If there aren’t any updates, the software must be abandoned, as it can no longer be secured and remain HIPAA compliant.
Since Microsoft is no longer updating Windows 7, a HIPAA-mandated business using it can’t, by definition of the security act, be HIPAA compliant. This is not a grey area, subject to interpretation. In fact, just having one system using Windows 7 on your network will violate HIPAA regulations, as the one system can provide a gateway into the entire network and place your patients’ personal information at risk.
Is Windows 7 Really a Security Risk for HIPAA?
As of January 14th, 2020, it is. No software is perfect, and most software has vulnerabilities which just haven’t been found yet. The longer a piece of software is out in the wild (and remember, Windows 7 is a decade old), the more opportunities hackers have to search for security holes. When a software vendor updates (patches) a vulnerability, it is in response to a security hole being found and, hopefully, closed before a hacker can take advantage of it. Established companies are constantly developing updates for security issues they find.
So yes, while your patients may not know you’re still using Windows 7, you are putting their data at risk, and putting your practice in jeopardy. Every time you expose your system to the internet, your out-of-date Windows 7 will be a red flag to hackers who can’t help but be attracted to your unprotected network.
Your Practice is Not HIPAA Compliant if You are Using Windows 7
As Windows 7’s support is no longer available, there is no longer a path to close its security holes. This lack of support means that, sooner rather than later, Windows 7 installations will become vulnerable to attack. To go further, even if there is only one Windows 7-based device connected to your network, it renders your entire system in violation of HIPAA.
This is because any data you have on your network will be at an increasing risk of compromise due to still using Windows 7. So yes, if your practice is still using Windows 7, you are no longer HIPAA compliant. If you’re breached and your clients’ data is compromised because you’re still using Windows 7, you will have little means to defend yourself from scrutiny, as you’re not following best network security practices.
It’s Time for a Network Audit
Protecting people’s personal data is considered one of the primary responsibilities in the medical field and was one of the drivers for the creation of HIPAA. If you fail to take the safeguards required by HIPAA, your practice will face stiff penalties, both financial and criminal. You cannot continue to use Windows 7 and remain HIPAA compliant. This means you must either purchase new Windows 10 computers or upgrade your existing devices from Windows 7 to Windows 10.
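The first step of the audit is simply finding every Windows 7 machine you still have. The script below is an added example for that inventory step; it is not code from the original article or from Directive. It assumes a domain-joined Windows 10 admin workstation with the ActiveDirectory RSAT module installed, and the report path is a placeholder you would change.

```powershell
# Added example (not from the original article): list domain-joined computers
# that still report Windows 7 so they can be upgraded or removed from the network.
# Assumes the ActiveDirectory RSAT module is present on the workstation running it.
Import-Module ActiveDirectory

$reportPath = "C:\Audit\Windows7-Inventory.csv"   # placeholder path, change as needed

# The OperatingSystem attribute in AD is reported by each machine itself, so this
# only covers domain-joined devices whose records are current; devices that are
# not domain-joined need a second inventory source (DHCP leases, switch ports, etc.).
$win7 = @(
    Get-ADComputer -Filter 'OperatingSystem -like "*Windows 7*" -and Enabled -eq $true' `
        -Properties OperatingSystem, OperatingSystemVersion, LastLogonDate, IPv4Address |
    Select-Object Name, OperatingSystem, OperatingSystemVersion, LastLogonDate, IPv4Address |
    Sort-Object LastLogonDate -Descending
)

if ($win7.Count -eq 0) {
    Write-Host "No enabled Windows 7 computer objects found in Active Directory."
} else {
    Write-Host "$($win7.Count) enabled Windows 7 computer object(s) found:"
    $win7 | Format-Table -AutoSize
    New-Item -ItemType Directory -Path (Split-Path $reportPath) -Force | Out-Null
    $win7 | Export-Csv -Path $reportPath -NoTypeInformation
    Write-Host "Report written to $reportPath"
}

# Spot-check one machine directly in case its AD record is stale. Get-WmiObject
# talks DCOM/RPC, which a stock Windows 7 host answers (the newer CIM cmdlets
# need WMF 3.0 or later on the target when used over WS-Man).
function Test-IsWindows7 {
    param([string]$ComputerName = $env:COMPUTERNAME)
    $params = @{ Class = 'Win32_OperatingSystem' }
    if ($ComputerName -ne $env:COMPUTERNAME) { $params.ComputerName = $ComputerName }
    $os = Get-WmiObject @params
    return [PSCustomObject]@{
        ComputerName = $ComputerName
        Caption      = $os.Caption      # e.g. "Microsoft Windows 7 Professional"
        Version      = $os.Version      # Windows 7 reports 6.1.x; Windows 10 reports 10.0.x
        IsWindows7   = $os.Caption -like "*Windows 7*"
    }
}

# Check the local machine; pass -ComputerName to check a remote one.
Test-IsWindows7
```

Run it from an account that can read computer objects in the domain. The CSV gives you the list to work through for the Windows 10 upgrades; the LastLogonDate column helps separate machines still in daily use from abandoned accounts that should simply be disabled and removed.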
We recognize this is easier said than done, but you don’t have to go it alone. Directive has the experience to help you not only ensure your medical business is HIPAA compliant, but we can help any business as they transition from Windows 7 to Windows 10. To schedule a Free IT Consultation or Free Network Assessment call us today at 607.433.2200!