Dealing with the unsupported Windows XP What Should You Do? A White Paper by:
Windows Vulnerabilities XP has substantial and HIPAA design Compliancy vulnerabilities Make that put Upgrading an entire organization Mandatory for and Your its data Practice at risk. What is this all about? After 12 years, support for Windows XP and Office 2003 ended on April 8, 2014. Microsoft stopped providing security updates or technical support for the Windows XP and Office 2003. Are you at risk? Yes, if you are still running Windows XP and Office 2003, you are no longer able to receive security updates, support, or hot fixes. This means your systems are now extremely vulnerable to malicious software and HIPAA compliancy issues. Why are you at risk? Without critical Windows security updates, your systems are vulnerable to harmful viruses, spyware, and other malicious software which can steal or damage your business data and information. This means your office is now non-compliant for HIPAA. Anti-virus software can not fully protect your systems, as Windows XP and Office 2003 are no longer supported by Microsoft. Are there any additional concerns? Yes, many software and hardware vendors are not able to support their products that are running on Windows XP, since they are unable to receive Windows XP and Office 2003 updates from Microsoft. Is Microsoft providing any support for emergency situations? Unfortunately, No! When problems arise, online and phone-based technical support are not available, even in emergency situations.
Address this issue right away! What are the costs if you do not upgrade? Most importantly, your office will be non HIPAA compliant. The ramifications of HIPAA non-compliancy are huge and very costly. Furthermore, the chance of having costly downtime, system failure and business disruptions will increase due to lack of support. Support for applications that run under Windows XP is also scarce. This is increasing the threat of malware and virus attacks that are going to exploit the unsupported Windows XP or Office 2003. What has happened now that XP end-of-life is here? Here are some practical implications: a) Microsoft has stopped sending you fixes and patches For all supported versions of Windows, Microsoft regularly provides automatic fixes and patches to correct and address the discovered shortcomings, security vulnerabilities and other problems and issues that arise. Many of these updates are part of the regular and periodical set of patches that Microsoft releases on the second Tuesday of every month, typically through Windows Update program that is part of Windows. Now, with the end-of-life of XP, Microsoft does not provide any such fixes and patches. b) Microsoft has stopped providing technical support Microsoft also is not offering any technical support assistance for Windows XP, even for businesses like yours. Microsoft is typically the final step in the escalation process for IT support organizations trying to resolve problems with Windows, but this line of defense has now disappeared forever for Windows XP. c) Microsoft has stopped distributing security updates Besides providing fixes, patches to the flaws in Windows, Microsoft regularly provides security updates to address security and vulnerability issues. Now, Microsoft does not provide any security updates for XP, which results in making every XP system non-compliant with HIPAA for protecting patients PHI that PC s can access. Any newly discovered vulnerability or attack will be very costly and problematic for you and your patients.
The impact of using only one Windows XP PC in your office is jeopardizing the HIPAA compliancy of your entire practice! d) Hardware manufacturers will stop supporting hardware for XP One final implication relates to the hardware, third-party software and peripherals that have been designed for Windows XP. With Microsoft s lack of support for XP, all other hardware and software manufacturers will also begin to phase out the support and development of Windows XP drivers. Some have already done so. Should you upgrade your existing PCs? If upgrading does not mean a full replacement of the hardware then, the short answer is: No! Here are some of the reasons why it would not be a good idea to upgrade the old systems. Generally, the practical usage of a desktop to function properly (and optimally) is between 3 to 5 years. If your PC is using Windows XP, chances are that it is too old to have an adequate amount of RAM, hard-disk storage and processing power to run Windows 7. Additionally, by the time you add the costs of a new OS, additional hardware upgrades, and labor, you will be spending more money upgrading than you would being buying a whole new Windows PC. Windows 7 or Windows 8? What to upgrade to? Today, almost all of our clients are running their EMR/EHR and PM applications under Windows 7. While Windows 8 has been out for a while, many businesses have not yet adapted it for use in their offices. In a broader scope, worldwide, almost half of all desktops (47.5%) are running Windows 7. This percentage for Windows 8 is only 11%. It s worth bearing in mind that Microsoft s extended support for Windows 7, including free security updates, will continue through the year 2020. c
Simply put, the longer you wait, the more you spend. How to buy Windows 7? While, Microsoft no longer sells Windows 7 through its own website, you can purchase brand new systems, both desktops and notebooks, with preinstalled Windows 7 Professional. Are there any alternatives to buying PCs? Yes! There is a way of eliminating the need of ever buying PCs. You may be a good candidate to use Thin Clients in place of PCs. For more than a decade, we have offered this technology to our clients from Microsoft. This technology is called: Terminal Services or Remote Desktop Services. By utilizing this technology, you eliminate the need of ever buying PCs, as well as the need of ever upgrading and replacing them, again and again. Additionally, this technology will offer you central management capabilities for reducing overall IT costs. You will also be able to better protect your IT system against malware and viruses. Please contact us so we can discuss this technology with you in further detail. Can you wait and deal with this issue later? No! If you are using Windows XP, then you should know that the costs of not addressing this issue are too high. The costly downtimes, system failures and business disruptions are too high because of the loss of Microsoft's support, and the increasing threat of malware and virus attacks that are going to exploit the unsupported Windows XP and Office 2003. Most importantly, your office is no longer HIPAA compliant. The ramifications of HIPAA non-compliancy are huge and very costly.
Don't be concerned about the cost of replacing your XP PCs, worry about the high cost of keeping them! Summary: Now that the support for Windows XP and Office 2003 has ended, it means that there are no more security updates or technical support for the Windows XP and Office 2003. Without these essential security updates, many vulnerabilities are left unaddressed, which means your entire computer system can be compromised and be exploited by malware. At this point, your office is considered to be non-hipaacompliant. It is imperative for you to replace these systems with new ones that are running Windows 7 Professional. These new systems, besides meeting the security guidelines for HIPAA compliancy, will offer you the benefit of improved performance, resulting in higher office productivity. What to do next? While this whitepaper offers you general guidelines, understanding that this paper cannot address your unique and specific situation. We invite you to reach out to us, at no cost or obligation, to discuss your situation, questions and concerns. We can help you put together a plan to address this issue as soon as possible. You can call us or reach us by email: Call: John Needham: 614-396-5257 Email: jneedham@nexuspracticeit.com About Nexus: Nexus Practice IT Services was founded in 2001 to serve medical practices with solutions specifically tailored to their needs. Nexus provides superior managed technology services operating as an IT department so that clients can focus on their patients and their business.