Upgrading Windows 7 Devices Coming Quickly

by | Dec 8, 2019

Healthcare groups still deploying Windows 7 and Windows 2008 have a very short amount of time left to upgrade the operating systems before Microsoft support will be discontinued. Support for both operating systems will cease on January 14, 2019.

As of January 14, 2020, no more patches and updates will be made available by Microsoft so the operating system will potentially be susceptible to attack. Cyberattacks are unlikely to begin the second support comes to an end, but any weaknesses in the operating system discovered after January 14 will remain unaddressed. Exploits could therefore be designed to exploit Windows 7 flaws and through those compromised devices, attacks could be kicked off on other devices on the network. As the number of weaknesses grow, the risk of a cyberattack will increase.

According to Forescout the healthcare sector has the largest percentage of Windows 7 devices of any industry. A report earlier this year indicated 56% of healthcare groups are still using Windows 7 on at least some devices and 10% of devices used by healthcare groups are running Windows 7 or modified versions of the operating system. It has been calculated that approximately 70% of all IoT and medical devices will still be deploying Windows 7 or other unsupported operating systems by January 14, 2020.

The ongoing use of unsupported operating systems is a breach of HIPAA. If a weakness in Windows 7 is exploited after the January 14 deadline and protected health information is exposed, healthcare groups could face a regulatory fine.

Healthcare groups unable to upgrade before January 14 have one solution available to them. Microsoft will be continuing to provide extended security updates to enterprise Windows 7 users for a yearly per device fee. Extended support will be expensive. Microsoft will be charging $25 per device in 2020, $50 per device in year 2021, and $100 per device in 2022. Extended security updates for fee paying enterprises will cease in January 2023.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy