Microsoft will no longer support Windows 7, Windows Server 2008, and Windows Server 2008 R2 starting on January 14, 2020, and will not release any more patches to correct OS vulnerabilities. Office 2010 will not be supported either.
Microsoft will update the operating systems on January 14, 2020 and fix all known vulnerabilities. However, it will only be a matter of time before cybercriminals find exploitable vulnerabilities that they can use to steal information and install malware.
Although Microsoft gave notice of the operating system's end of life long ago, Windows 7 remained the second most used operating system after Windows 10. NetMarketShare reported that in December 2019, 33% of all desktop and laptop computers were running Windows 7.
A lot of healthcare companies continue to use Windows 7 on some devices. Continued use of those devices without support increases the risk of cyberattacks and, consequently, of HIPAA Security Rule violations.
The obvious resolution is to upgrade Windows 7 to Windows 10, though that might not be easy. Besides buying licenses and updating the OS, hardware might also need upgrading and certain applications might not function on more recent operating systems. The upgrade is consequently a major task that could require a lot of time.
If it’s not possible to update Windows 7 and Windows 2008 systems, steps must be taken to secure the devices and lessen the probability of a compromise and the effect of a cyberattack.
To minimize the odds of a compromise, the following best practices should be observed:
Stop Windows 7 devices from connecting to untrusted content. This means that the devices should not be used for browsing the web or accessing email accounts. Avoid using removable media and portable storage devices as well.
Remove local administrator rights from all Windows 7 units and strengthen firewall protection. Don’t use the devices for accessing sensitive information, like protected health information (PHI). Transfer sensitive data found on the devices to devices using supported operating systems.
Malware infection is more likely to occur on devices running unsupported operating systems. Be sure to install up-to-date anti-virus software. Scan the devices for malware regularly and monitor them for possible cyberattacks.
Microsegmentation may be beneficial in limiting the resulting harm in case of a compromise. All devices using unsupported operating systems must be separated from other systems and the devices must only be permitted to connect to critical services. Remove access to core servers and systems. Review and modify business continuity plans to make sure that critical business operations will go on in case of a compromise. Although extended support is very expensive, it is strongly advised.
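One way to check the segmentation rule above against network flow records, given as an added example that is not part of the original article. The host addresses, the allowlist of critical services, the core server subnet and the sample flows are all constructed assumptions.

```python
import ipaddress

# All addresses, ports and flows below are constructed for illustration.
LEGACY_HOSTS = {"10.20.0.11", "10.20.0.12"}        # Windows 7 / Server 2008 devices
ALLOWED_SERVICES = {                                # critical services they may reach
    ("10.30.0.5", "tcp", 8443),                     # hypothetical application gateway
    ("10.30.0.9", "udp", 123),                      # hypothetical internal NTP server
}
CORE_SERVERS = ipaddress.ip_network("10.10.0.0/24") # core systems: no access allowed
INTERNAL = ipaddress.ip_network("10.0.0.0/8")       # everything else is untrusted
MAIL_PORTS = {25, 110, 143, 465, 587, 993, 995}


def classify_flow(src, dst, proto, dport):
    """Return None for an acceptable flow, else the reason it breaks the policy."""
    if src not in LEGACY_HOSTS:
        return None                                 # policy covers legacy hosts only
    if (dst, proto, dport) in ALLOWED_SERVICES:
        return None
    dst_ip = ipaddress.ip_address(dst)
    if dst_ip in CORE_SERVERS:
        return "core server access"
    if proto == "tcp" and dport in MAIL_PORTS:
        return "email access"
    if dst_ip not in INTERNAL:
        return "untrusted external destination"
    return "not an allowlisted critical service"


def audit(flows):
    """Return (flow, reason) for every flow that violates the policy."""
    findings = []
    for flow in flows:
        reason = classify_flow(*flow)
        if reason:
            findings.append((flow, reason))
    return findings


SAMPLE_FLOWS = [  # (source, destination, protocol, destination port)
    ("10.20.0.11", "10.30.0.5", "tcp", 8443),
    ("10.20.0.11", "203.0.113.10", "tcp", 443),
    ("10.20.0.12", "10.10.0.4", "tcp", 445),
    ("10.20.0.12", "10.40.0.25", "tcp", 587),
    ("10.50.0.7", "203.0.113.10", "tcp", 443),
    ("10.20.0.11", "10.60.0.3", "tcp", 3389),
]

if __name__ == "__main__":
    for flow, reason in audit(SAMPLE_FLOWS):
        print(flow, "->", reason)
```

Any finding means the firewall or segmentation rules still let an unsupported device reach something other than its listed critical services.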
These options can minimize risk, but they won’t remove it. Organizations must consequently speed up their plans to update their operating systems and computer hardware. Using a supported OS is the only means to completely secure devices.