How Will the End of Support for Windows 7 Affect Cybersecurity in the Healthcare Sector?
Windows 7 was released to manufacturing on July 22nd, 2009 and became officially available for widespread install on October 22nd of the same year. The release was intended to be an incremental upgrade to previous Microsoft Windows systems thanks to a redesigned taskbar that allowed an application to be "pinned", as well as new window management features. Although Microsoft ended mainstream support for Windows 7 in January 2015, they maintained extended support, which came to an end as of January 14th, 2020.
What does this end to support mean?
The end of support for Microsoft's Windows 7 program means that no further security updates will be available, therefore increasing cybersecurity vulnerabilities.
What is the relation to the healthcare industry?
According to Health IT Security, most organizations in other sectors have steadily shifted to Windows 10 in recent years, however, 56 percent of healthcare industry providers still rely on legacy Windows 7 systems. One glaring side effect of this fact is loss of HIPAA compliant status for healthcare entities still using it due to cybersecurity vulnerabilities.
What is the future risk?
As Clyde Hewitt, Executive Advisor of CynergisTek, states, ..."all *known* vulnerabilities have been patched by Microsoft. However, the next vulnerability to be discovered will not receive a patch from Microsoft."
Relating the situation to personal reality, Hewitt goes on to say that, "it'll be like calling the 9-1-1 center and everyone has gone home. When the next vulnerability is identified, there will be no one on the phone with Microsoft. The service will be over, and organizations are going to have to fend for themselves and implement compensating controls."
What next steps should IT departments take?
Clyde Hewitt believes that hospitals need to develop a plan to ensure that providing care, accurate billing, payroll and scheduling all remain functional, even during a cyber event.
IT and security leaders should accelerate conversations surrounding a Windows system upgrade with upper management. In the meantime, strengthening firewalls and increasing user training may help to avert potential new cyber threats.
Researchers found that just 44 percent of those organizations within the healthcare industry have implemented Windows 10. The healthcare sector is the most Windows-dominated industry, and has been slow to adopt Windows 10. A lack of resources and IT staffing deficiencies are considered the main reasons why the transition from legacy platforms is not always possible.
The end of security patches for Windows 7 has now come and gone, and does not mean vulnerabilities in cybersecurity are "knocking at the door." It does however mean that increased vulnerability with little to no help could be possible in the future. This is simply not a risk that healthcare organizations should be taking while responsible for protecting the often-sensitive data of their patients.