As technology charges ahead, it lets go of yesterday’s products. Next year—April 8, 2014—Microsoft will cease to support its XP operating system. What does this mean for organizations using XP? According to Microsoft, “There will be no more security updates, non-security hit-fixes, free or paid assisted support options or online technical updates.”
This will result in security and compliance risks, warns the company: “Unsupported and unpatched environments are vulnerable to security risks. This may result in an officially recognized control failure by an internal or external audit body, leading to suspension of certifications, and/or public notification of the organization’s inability to maintain its systems and customer information.”
Alan Brill, senior managing director of Kroll, a New York-based security firm, warns that for provider organizations still running XP, “It’s going to be hard to be compliant with HIPAA [Health Insurance Portability and Accountability Act], because HIPAA is not big on the idea that you are running an operating system with known major security deficiencies.” He adds that many people in the security industry believe that bad guys are saving up security holes that they have found in XP, and they are not going to use them until Microsoft stops XP support.
Brill advises: “If I were a CIO of a hospital, I would make sure that I have a really good inventory of any XP systems that were under my control, and have a plan to upgrade to something else.”
While it is true that the end-of-life date was announced a long time ago—at least since 2012—that date is now right around the corner.
