As a reminder, Microsoft Server 2008/R2 & Windows 7 is coming to an end, and so are its tech support and updates. Microsoft’s reminder announcement poses a significant cybersecurity threat to any healthcare IT infrastructure running on Microsoft Server 2008/R2 & Windows 7:
“The specific end of support day for Windows 7 will be January 14, 2020. After that, technical assistance and software updates from Windows Update that help protect your PC will no longer be available for the product. Microsoft strongly recommends that you move to Windows 10 sometime before January 2020 to avoid a situation where you need service or support that is no longer available.” [Source: Microsoft]
This requires significant action if any assets in your organization operate on Microsoft Server 2008/R2 & Windows 7. Otherwise, your cybersecurity posture is at risk.
Potential Cybersecurity Risks
Microsoft’s decision to shift their focus and tech support resources to Windows 10 brings with it significant cybersecurity risks and makes any assets running Windows 7 extremely vulnerable to malware and cyber attacks.
After January 14, 2020:
- No assets running Microsoft Server 2008/R2 & Windows 7 will receive any technical support.
- No Microsoft Server 2008/R2 & Windows 7 software will be updated.
- No assets using Microsoft Server 2008/R2 & Windows 7 will get any security updates. [Source: Microsoft]
After that date, there will be no new protection, and no software updates, for any of your assets running Microsoft Server 2008/R2 & Windows 7. Simply put, these machines will no longer be protected from hackers, malware, and other breaches that could put client data or electronic health records at risk for vulnerabilities that may arise after the final updates are released.
What Microsoft Recommends
Microsoft’s chief recommendation is to transition the assets to Windows 10 on hardware designed to run efficiently and support Windows 10.
While upgrading from Windows 7 to Windows 10 is possible in theory, upgrades would require:
- A compatible hardware asset and;
- A full version of the Windows 10 software
Since upgrades may not be possible on all assets, the best decision you can make for greater cybersecurity and decreased risk of cyber attacks is to deploy Windows 10 to assets that can support the newer operating system.
The recommendation for Microsoft Server 2008/R2 is to migrate to Microsoft Azure in the near term to maintain support free of charge.
“Customers who use Windows Server 2008 or Windows Server 2008 R2 products and services should migrate to Microsoft Azure to take advantage of 3 additional years of Critical and Important security updates at no additional charge and modernize when ready. For environments other than Azure, we recommend customers upgrade to the latest version before the deadline.” [Source: Microsoft]
Guidance for Migration
We know that migrating to a new operating system can be a headache, but it’s the best option to avoid putting sensitive healthcare data at risk.
Since software and security updates happen so frequently, it’s most prudent to run and maintain assets and systems that can support, install, and run those updates correctly, without downtime or service interruption. Upgrades are a significant investment, but a wise decision when your top priorities are secure client services and ethical patient care.
Fortified Health Security is ready to help you navigate the questions and decisions ahead of you as you transition away from Microsoft Windows 2008/R2 & Windows 7 and toward a new operating system. Whether you’re:
- Planning/implementing an upgrade
- Segmenting unsupported assets
- Utilizing Endpoint Detection and Response technology
- Prioritizing asset and system improvements
- Considering cybersecurity monitoring options
Our team is here to assist as you protect your most valuable healthcare IT assets. Have questions or concerns about support ending? Contact us today for assistance so you can have greater peace of mind moving forward.