With less than a year left before Microsoft pulls the plug on its still widely used operating system (OS), Windows XP, companies must have a migration plan or risk facing compliance issues, analysts warn.
Microsoft will end support for Windows XP and Office 2003 by 8 April 2014. The software giant warned on its website: “If your organization has not started the migration to a modern desktop, you are late.”
Windows XP End of Life means Microsoft will no longer release security updates to the average user. Why does this matter? Any security flaws that hackers find will not be fixed. This is a big deal because spyware, Trojans and viruses can pose a huge threat to your business. Windows XP will be nearly 13 years old! It is old technology that was not built for the modern digital age. The change will be a serious one for many people: in most cases it will mean a new computer, upgraded software and possibly new accessories such as printers and scanners.
If your organization processes credit cards and needs to comply with PCI (Payment Card Industry) requirements, you will need to upgrade. What does this end of life have to do with PCI compliance? PCI DSS Requirement 6.1 states that all system components and software must be protected from known vulnerabilities by having the latest vendor-supplied security patches installed. You will be unable to do this on Windows XP once Microsoft stops creating security patches in April 2014.
For organizations with HIPAA concerns, this is even more of an issue because a breach can cost hundreds of thousands of dollars or more in fines, remediation and lost revenue. The reasoning described for PCI in the previous paragraph also applies to HIPAA under its Administrative, Physical and Technical Safeguards. Without the latest security patches, you can no longer ensure your system is up to date and protected from vulnerabilities. A recent study showed that you can cut your risk of getting malicious software on your network by 80% if you are up to date on all security patches.
For healthcare practices, the effects of Microsoft’s decision may be more significant. All signs point to the idea that computers in healthcare practices running Windows XP after April 8, 2014 will NOT be HIPAA compliant. This is primarily due to the increased security risk. While the computers will still run, Practice Administrators and IT professionals will no longer be able to certify the entire network as compliant.
You may ask whether you will need new computers to upgrade to Windows 7 or Windows 8. I would recommend against upgrading to Windows 8, as most dental software and digital imaging products do not support that version. My recommendation would be to replace any computer running Windows XP with a brand new computer if the current system is older than 3 years. The reasoning behind this is that a computer older than 3 years is usually out of warranty and has a much bigger chance of hardware failure. In addition, the cost associated with upgrading successfully includes labor and software.