Why Your Windows XP Computer Could Become a HIPAA Security Risk

Is your practice using computers that run Microsoft Windows XP? If so, you could be exposing your practice to security risks in the near future.

After April 8, Microsoft will stop supporting Windows XP, its venerable but aged operating system. This means that Microsoft will no longer send you regular software updates to correct new security holes and software bugs.

Will your XP computers suddenly become non-compliant? Not simply because Microsoft is withdrawing technical support. But without regular software patches, your computers will become increasingly vulnerable to the hackers and trolls who scour the internet. Usually they’re seeking credit card and bank account information, but if your system has unpatched security holes, they could access your patients’ protected health information more easily.

Will your computers continue to run on XP? If they’re functioning today, they probably will continue to function for a while. But many computer consultants are advising their clients to assess their risk and determine how they will modernize their systems.

Can I upgrade myself? Many computer users have tried upgrading to Windows 7 or 8 on their existing machines, but some have reported the process to be difficult, and sometimes a failure altogether. Many older machines simply don’t have the processing power or memory to run the newer versions of Windows. Sometimes the best solution is to get new hardware. Microsoft does offer brave, intrepid do-it-yourselfers free data-transfer software.

Our advice? Talk to your computer vendor or consultant, and develop an upgrade plan. Granted, Microsoft derives commercial benefit from this decision, but security-sensitive users are left with little choice. You don’t necessarily have to upgrade today, but it’s not wise to delay the process indefinitely.

  1. Great to see you are covering this much ignored issue. =) I’ve written about this extensively and basically I think it is often understated and misunderstood by those outside the Healthcare IT/Info Sec community. Windows XP should really be replaced on or before the EOL date or systems cannot claim HIPAA compliance. For more details you might check out my most recent blog post on XP and HIPAA compliance – http://www.evolutionaryit.com/?p=2166

    Keep up the good work!