On January 14, 2020, Microsoft stopped free support for Windows 7 just as promised. According to a company statement, Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released in 2009, and this 10-year period has now ended. The same is true for Windows Server 2008, and Windows Server 2008 R2.

“The end of support means there will be no more security patches issued leaving the operating system vulnerable to malware and attacks,” explained David Ginsberg, President of PrivaPlan Associates, Inc. “The end of Microsoft support for Windows 7 computers creates a significant risk for HIPAA covered entities and business associates who still operate and use this version.”

While the end of life timeframe has been known for quite some time and, from a security perspective, organizations have had ample time to upgrade or replace their operating system, not everyone has taken that precaution.

According to NetMarketShare, more than one-third of PCs were still running Windows 7 as recently as December 2019, and furthermore, many healthcare organizations are still using Windows 7 on at least some devices. As long as they continue to use these now unsupported devices, they’re at risk of cyberattacks and violating the HIPAA Security Rule.

“We strongly encourage all of our clients to upgrade to the most current version of Windows and request that any of your vendors, especially those that provide diagnostic equipment using a Windows 7 computer, do the same,” Ginsberg said. “The risk to your protected health information is just too great!”

Have questions? Contact your HIPAA experts at PrivaPlan Associates, Inc.