You’re rummaging through your attic and find a prehistoric piece of technology: an old laptop from 2009. You probably didn’t expect me to describe a ten-year-old laptop as an ancient instrument. But technology advances fast.
The average lifespan of a laptop is 3-5 years depending on the parts it came with.
If you booted up the computer you found in your attic, nostalgia would wash over you. The screen would wave the familiar flag of its Windows 7 operating system (OS). You’d then find yourself navigating through its glossy, transparent user interface.
If you were a huge fan, you’ll be sad to know that this operating system’s lifespan is coming to an end. This is critical information for any business that has devices running this dated software, especially those within healthcare.
In this blog piece, I’ll help walk healthcare organizations through how to prepare for the Windows 7 end of life date coming January 2020. Here’s what that means and what you can expect…
A Brief History of Windows 7
Windows 7 debuted on October 22, 2009. It came 3 years after Microsoft’s arguably worst operating system of all time, Vista. If you remember, Vista was so bad that Apple released an ad poking fun at “the V-word.”
The new OS had a promising release ahead. While tinkering with the operating system throughout its beta, Engadget described it as, “a strong step forward.”
At its prime, it was everywhere. It was the most popular OS in the world until December 2018, six years after Windows 8 and three years after Windows 10 was on the market. For this overthrow in popularity to take place, Microsoft pushed hard.
The company allowed users to upgrade their devices to Windows 10 for an entire year. They also teamed up with Intel, HP, Dell, and Lenovo for one of their most aggressive marketing campaigns to date.
Present-day, 28% of all PCs still run on the decade-old system. This is an interesting stat given that Microsoft will no longer extend support to devices using the OS on January 14th, 2020.
But while Microsoft’s toasting to the successful lifecycle of one of their most popular operating systems, healthcare companies should ensure their IT structure is up to date.
What is End of Life Software?
There comes a time in every software product’s life when a company decides to no longer support it. Companies decide this for many reasons, but it comes down to the product’s life cycle. Microsoft tries to make these dates as available as possible; they even have a product life cycle database.
In short, a product life cycle looks like the first hill of a thrilling roller coaster. It gets developed alongside passengers or users, slowly climbs up the mountain of growth, matures at its peak and rushes down through its decline.
At the point of decline, rather than go through a loop de loop, companies publish an end of life (EOL) announcement. Microsoft made its EOL announcement for Windows 7 on March 12, 2019.
This was the second announcement from Microsoft about support for Windows 7. Mainstream support for the OS ended five years ago. Before this stage, the company would add new features often. After January 13, 2015, the system moved into its “extended support” phase. During this phase, it’d only receive patches for security threats.
After January 14th, 2020, the OS will no longer receive or support…
Requests for features
Feature releases
Technical support
Bug fixes
Hotfixes
Official Training
Security patches
This is the standard procedure for what happens to software moving into the EOL phase of its life cycle.
If you’re curious, here are the end of life dates for Microsoft’s major operating systems…
Windows 98 - July 11, 2006
Windows Millennium Edition - December 31, 2004
Windows 2000 - July 13th, 2010
Windows XP - April 8, 2014
Windows Vista - April 10, 2012
Windows 7 - January 14, 2020
Windows 8 - January 2023
Windows 10 - October 13, 2026
Running Healthcare on EOL Devices
This isn’t some sort of Y2K scenario. When January 14, 2020 rolls around, your devices using the outdated system won’t short-circuit or self-destruct. They’ll work as you intend them to, at least for a while.
By far, the biggest threats to running on any operating system after it moves into EOL involve cybersecurity.
Security updates used to happen all the time on Windows 7 devices; they just went unnoticed. While you were busy streaming the number one song in October 2009, “I Gotta Feeling” by the Black Eyed Peas, on your new laptop, Microsoft kept your data safe with 1,000s of security updates.
But as stated above, security patches will no longer happen to these devices. Hackers especially want the information stored on healthcare devices. Once the EOL date comes, they’ll do whatever they can to gain access.
Once they’re in a healthcare company’s system, they’ll either…
Download and sell personal health information (PHI) on the dark web
Lock the company’s entire system and request a ransom (ransomware)
Either scenario is a possibility, but ransomware continues to prove itself as hackers’ go-to option for healthcare.
Every operating system has security vulnerabilities, even if it’s decades old. It’s not that older systems have no security loopholes left; it’s that hackers haven’t found them yet.
How HIPAA Views EOL Software
Let’s say you continue to run your practice on Windows 7 after the end of life date. Months go by and everything runs as it should. Until one morning.
You’re not a large practice so you outsource any IT work to a good friend of yours. On that morning he comes in to conduct his quarterly scan and finds that your entire system’s injected with spyware. A hacker recorded every piece of information entered into your computers for the last three months, including protected health information (PHI).
If something like this happens, it’s a HIPAA breach. The government won’t care that you didn’t have the means to upgrade your system to Windows 10.
As a healthcare entity, you’re held accountable for following reasonable practices to protect your patients’ data.
Using an operating system after its end of life date because you didn’t get to it or couldn’t budget for it doesn’t fall under a “reasonable practice.”
Migrating Away From Windows 7
If you have some systems that you haven’t upgraded to Windows 10 yet, don’t worry. You still have time to migrate and update, but it's a smaller window.
The hardest system to migrate to a new OS within healthcare is your Electronic Health Records (EHR) system. Implementing this technology is always a long process because there’s a lot involved. But before you do anything, you’ll need to check your systems’ compatibility.
If it’s been a long time since you changed or upgraded your EHR, you’ll run into compatibility issues. But there’s no way of knowing without running your system through Microsoft’s compatibility mode.
Checking to see if your systems will run on a new OS is the first step toward migrating to Windows 10. After all, you’ll want to update your systems with the least disruption possible.
After locating those systems or devices that aren’t compatible, you’ll have to back up any data stored on them. Buy an encrypted external hard drive or USB, back up all the device’s data, and then properly wipe the data.
Wiping any data on your old systems can get tricky, especially if you don’t know how to do it the right way. Contact your local e-waste facility. Drilling holes in your hard drives isn’t a cure-all.
While migrating your devices, you’ll want to stay in contact with an IT professional or even a managed service provider (MSP). They’ll be able to walk you through the process.
Post-EOL Migration Strategy
After completing the mound of work involved with upgrading all of your outdated equipment you should celebrate. You’ve finished a huge project. But keep in mind you’re not done.
You’ll need to update everything again in a few years. But it doesn’t have to be hard.
What operating systems your current devices use
When they were last updated
When their EOL date is
The last time you checked compatibility
Every quarter, refer to this master document. To make your future migrations easier, you’ll have to think ahead.
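One way to run the quarterly review of that master document, as an added example that is not from the original post. The CSV layout, hostnames and the 180-day and 90-day thresholds are assumptions; the EOL dates are the ones listed earlier in this article.

```python
import csv
import io
from datetime import date, timedelta

# EOL dates exactly as listed in this article (not fetched from Microsoft).
# Windows 8 is left out because the article gives only a month for it.
EOL_DATES = {
    "Windows XP": date(2014, 4, 8),
    "Windows Vista": date(2012, 4, 10),
    "Windows 7": date(2020, 1, 14),
    "Windows 10": date(2026, 10, 13),
}

# Constructed sample inventory: hostnames and dates are made up.
SAMPLE_INVENTORY = """hostname,os,last_updated,last_compat_check
frontdesk-01,Windows 7,2019-06-11,2019-03-01
ehr-ws-02,Windows 10,2019-09-10,2019-08-15
xray-ctl-03,Windows XP,2014-04-08,2018-01-20
lab-pc-04,Windows 8.1,2019-09-10,2019-09-01
"""

def review_inventory(csv_text, today, warn_days=180, stale_days=90):
    """Return {hostname: [findings]} for devices that need attention."""
    findings = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        issues = []
        eol = EOL_DATES.get(row["os"])
        if eol is None:
            # An OS missing from the table must be surfaced, not skipped.
            issues.append("no EOL date on file: look it up")
        elif eol < today:
            issues.append("past EOL: no more security patches")
        elif eol - today <= timedelta(days=warn_days):
            issues.append(f"EOL in {(eol - today).days} days: plan migration")
        for field, label in (("last_updated", "update"),
                             ("last_compat_check", "compatibility check")):
            if today - date.fromisoformat(row[field]) > timedelta(days=stale_days):
                issues.append(f"last {label} older than {stale_days} days")
        if issues:
            findings[row["hostname"]] = issues
    return findings

if __name__ == "__main__":
    report = review_inventory(SAMPLE_INVENTORY, date(2019, 10, 1))
    for host, issues in report.items():
        print(f"{host}: " + "; ".join(issues))
```

Devices with no findings are omitted from the result, so an empty report means the whole inventory passed the quarterly check.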
Conclusion
If you’re a healthcare company running on outdated software, it’s time to update your systems. Period. You owe it to your patients to protect their data. It’s your responsibility.
If your IT systems still run on Windows 7, you’re not in trouble yet. But your time is running out.
Migrating your IT infrastructure isn’t a small task, and it may require you to outsource if you’re not tech-savvy. But starting now will save you thousands of dollars in potential fines.
Getting hit with a HIPAA breach because you run your practice on EOL software will eventually happen if you don’t start now.