by Wyn Staheli, Director of Research
July 16th, 2014
Officially, after April 8, 2014, technical assistance for Windows XP will no longer be available (see discontinuing support for Windows XP). This means that there will be no more automatic updates protecting your PC. Your computer will still work, but without these updates it becomes more vulnerable to security risks and viruses.
Even if you have encryption and anti-virus software on your Windows XP computer, it won't help because the problem is related to the flaws in the operating system itself. Encryption protects communication to and from the computer, but not the computer itself. Anti-virus can help protect a computer, but that depends on what security flaws might be found in XP after Microsoft no longer supports it.
Here's what happens from the 'hacker' perspective. Microsoft releases an update (patch) for a supported operating system. Hackers review those patches and see if that same vulnerability exists in the old operating systems that are no longer supported. If so, then your old, faithful, reliable XP computer becomes a prime target no matter what encryption or anti-virus you have installed on it. If you have a security breach on that XP computer, you have not implemented appropriate safeguards to meet the HIPAA requirements.
If you still have reservations, read the following article which was written by an Information Technology (IT) service provider:
Before making any upgrades there are some key points to remember:
- Version choice: Windows 7 or 8 are your best options. Switching to Windows 8 has some distinct advantages when it comes to encryption; however, some IT professionals say that it has its own share of problems because it is a newer operating system.
- Your software: Talk to your medical billing software and/or EHR vendors to determine which Windows version they recommend to ensure compatibility.
- Discarding: Your old computer(s) cannot be discarded without taking the HIPAA-required steps of completely wiping the system. Just uninstalling software is insufficient and can lead to a breach.
- Learning curve: It takes time to learn a new operating system. Factor in extra time to adjust to the new system. Take classes if necessary.
Don't wait. With all the changes coming for ICD-10, do not put off this important task. You don't want to deal with two learning curves at the same time.