Medical Devices Using Windows 7 Must Upgrade Now

Healthcare companies that still use Windows 7 and Windows 2008 must upgrade their operating systems because Microsoft will stop providing support on January 14, 2019.

From January 14, 2019, Microsoft will no longer release patches and updates, leaving the operating system vulnerable to attackers. A cyberattack is unlikely the moment support stops; however, any operating system vulnerabilities identified after January 14 will not be addressed. Attackers could exploit Windows 7 vulnerabilities in compromised devices and launch attacks on all devices linked to the network. The risk of cyberattacks will grow in proportion to the number of vulnerabilities found.

According to Forescout, healthcare is the industry that uses the most Windows 7 devices. A report at the start of this year showed that 56% of healthcare companies still use devices running Windows 7. Moreover, 10% of the devices used by healthcare companies still run Windows 7 or its identical versions. It is expected that by January 14, 2020, around 70% of all IoT and healthcare devices will continue to use Windows 7 or other operating systems that are not supported.

Using unsupported operating systems violates HIPAA. If a Windows 7 vulnerability is exploited after January 14 and protected health information (PHI) is exposed, healthcare companies will face a regulatory penalty.

Healthcare companies that cannot upgrade prior to January 14 have another option. Microsoft will still provide extended security updates for users of enterprise Windows 7, but they will pay an annual fee per device. Microsoft’s extended support will be costly and will only be available until January 2023.

  • $25 per device in 2020
  • $50 per device in 2021
  • $100 per device in 2022