HIPAA TIP: End of Support / End of Life Devices

How does the old saying go? “Nothing lasts forever!” Truer words were never spoken.

In a healthcare environment, one of the most important areas to keep track of during your annual Risk Analysis or regular assessments is the age of the hardware and operating systems running within the organization.

End of life describes software that is no longer supported or maintained by the manufacturer/vendor. Technical support, bug fixes and security updates are no longer provided. When the vendor no longer releases patches for security vulnerabilities, an organization that keeps using the software is running vulnerable software, compromising the environment and leaving an opportunity for hackers to exploit the network.

Threat actors prey on outdated/legacy applications and operating systems because they are an easy target for access into the organization’s environment and, ultimately, to servers loaded with ePHI or, worse, the EMR or Practice Management systems.

Some examples of end-of-life software and devices include:

  • 2008 R2 Servers
  • Windows 7 Operating System
  • SonicWall Firewalls TZ100 and TZ200 Series
  • Sophos XG85 Series
  • 2012 Servers will be end of life in October 2023

Review with your IT company the age of systems, applications and devices, including the Windows 10 operating system version that is currently running/in place.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.