Are you concerned about HIPAA regulatory compliance? If you are still using Windows XP, then you are about to fall out of compliance. As mentioned in earlier posts, Windows XP will no longer be supported by Microsoft. If this is the first you have heard of this, your time to make a change is running short.
When you prepare for a major change such as replacing the OS of your desktop computers, you need to have a full change and release solution in place. Getting a solution up and running with out-of-the-box, ITIL-ready processes should not be a huge project on its own. Check out the offer below to get a change solution in place quickly and be able to move on to the real problem - replacing Windows XP now.
Are you ready for the end of Windows XP?
There have been several excellent articles lately directing current XP users to migrate ASAP. Last week there was mention of a zero-day attack.
A zero-day (or zero-hour or day zero) attack or threat is an attack that exploits a previously unknown vulnerability in a computer application, meaning that the attack occurs on "day zero" of awareness of the vulnerability. This means that the developers have had zero days to address and patch the vulnerability. Zero-day exploits (the software and/or strategies that use a security hole to carry out a successful attack) are used or shared by attackers before the developer of the target software knows about the vulnerability.
In a recent article, Growing HIPAA Threat - Ignore Windows XP at Your Own Peril, by Marion K. Jenkins, PhD, FHIMSS, the growing threat to HIPAA compliance is laid out for the medical community.
If HIPAA Security, ICD-10, EHR updates, and the explosion of mobile applications were not enough for you to worry about from a health IT standpoint, you need to be very concerned about a real danger that is likely lurking throughout your facility - computers and servers running old versions of Microsoft operating systems. In most cases these are definitely DNR (Do Not Resuscitate) issues.
"How long do I have, doctor?" Starting in less than a year, April 8, 2014 to be exact, Microsoft will no longer provide any support whatsoever for Windows XP, which was the most ubiquitous desktop and laptop operating system in Microsoft's history, with hundreds of millions of copies sold since 2001. That means that in less than a year from now, security updates and virus patches will cease. That means that practices will be under real threat from viruses, Trojans, and other security vulnerabilities, because all the bad guys in cyberspace know that millions of computers will be unpatched. Those practices that do not take action will become an easy target for back-doors and other entry points on millions of networks around the world.
And in early 2015, Microsoft Server 2003, which also currently runs on millions of servers, will also stop getting any patches or updates.
"How widespread is the disease?" Even though Microsoft stopped selling Windows XP nearly 5 years ago, recent studies have shown that the percentage of active devices running Windows XP is still nearly 40 percent, just slightly behind the numbers for Windows 7, and those numbers have remained nearly constant for the last several months. Exact figures are not readily available on how many actual devices are represented, but we have observed that nearly every medical facility has multiple instances of Windows XP and/or Server 2003 running within their environments.
And in the article Running Windows XP means you are non-compliant and open to liability, Jeff Brady explains why you need to migrate now.
Information Technology Pros in the healthcare industry may want to get a head start on their spring cleaning. Microsoft extended support for Windows XP ends on April 8, 2014. After this date, Microsoft will not release any security patches or updates for Windows XP. This will effectively make Windows XP non-compliant with HIPAA / HITECH after Microsoft support ends.
Windows XP was released August 24, 2001 and has been widely deployed in homes and corporate environments alike. In the Healthcare arena, XP may be found on workstations used by clinical staff, CT machines, and other critical medical devices.
Most of these devices are connected to the network to connect to EHR/EMR systems, so simply disconnecting them is not an option. In addition, many of these devices are running old and proprietary applications that may not run on a newer operating system such as Windows 7 or 8.
What can an IT pro do when faced with this dilemma?
I suggest that you migrate and migrate quickly as your HIPAA compliance is at risk.