In less than a year—April 8, 2014 to be exact—Windows XP will no longer have Microsoft support, and in 2015, Microsoft Server 2003 follows suit. Hackers and other cyber criminals know this and will use it to their advantage. Because security updates will cease and Microsoft will no longer bail you out to fix issues, your medical data security will be vulnerable to viruses and electronic personal health information hacking.
This is a big red flag to upgrade Microsoft software in your hospital or practice. If you don’t, you will not be sticking to Health Insurance Portability and Accountability Act (HIPAA) requirements. As per HIPAA Security Rule section 164.308(a)(5)(ii)(B), health care entities must have in place “procedures for guarding against, detecting, and reporting malicious software.” Failing to upgrade to a secure operating system means you are using “malicious software” and in violation of adhering to HIPAA Security Rules.
According to the Physicians Practice blog, Growing HIPAA Threat–Ignore Windows XP at Your Own Peril, “Addressing Windows XP and Server 2003 issues will not only make your practice more functional and secure, but it will satisfy HIPAA and meaningful use requirements. And it won’t make you the giant target for hackers, because they will find those systems still running Windows XP and Server 2003 much easier prey.”