Wednesday, June 5, 2013

HIPAA Poses Threat to Your Facility Computers

(This information was adapted from Read the full article here at:

Starting on April 8, 2014, Microsoft will no longer provide any support whatsoever for Windows XP, which was the most widely sold operating system in Microsoft’s history. Less than a year from now, security updates and virus patches for those systems will stop. Medical practices will be susceptible to viruses, Trojans, and other security vulnerabilities exploited by hackers who know that millions of computers will be unpatched. Practices that do not take action will become easy targets.

It is estimated that the percentage of active devices running Windows XP is still nearly 40 percent. "Exact figures are not readily available on how many actual devices are represented, but we have observed that nearly every medical facility has multiple instances of Windows XP and/or Server 2003 running within their environments." Some of these devices are still running simply because no one has gotten around to finding and upgrading them, but many are running critical applications that cannot be upgraded for one reason or another.

The obvious implication is that all workstations and laptops running Windows XP will become non-compliant with HIPAA no later than April of next year. If you cannot update your software to protect your systems against malicious software, it is impossible for you to comply with HIPAA Security Rules, and you will have to come off the Medical Business Associates network by April 8, 2014.

That deadline seems a long way off, but from an IT perspective, it is very close. If you have systems running Windows XP and/or Server 2003, you need a thorough review and inventory of all your IT systems, listing risks and vulnerabilities. You also need to upgrade your systems so you won’t be easy prey for hackers.

