Windows 7 Support to End on January 14, 2020
As your trusted healthcare safety advisor, we wanted to bring an important software issue to your attention. This article is intended to raise awareness of an upcoming deadline for Windows 7.
We encourage you to share this article with anyone at your organization who oversees technology and security.
Microsoft ended its mainstream support for the Windows 7 operating system on January 13, 2015 but continued to provide extended support for its users. This extended support will be expiring on January 14, 2020.
Prior to this change in support, we are advising healthcare organizations to review all systems/software using the Windows 7 environment to determine if they can be migrated to a newer operating system as soon as possible.
Using unsupported operating systems can lead to a security incident and may result in a virus or malware attack, and potential privacy breaches. Provided below is a high-level explanation as to the differences between mainstream support and extended support.
- Mainstream Support: During this support period, Microsoft adds new features and takes care of bug fixes, security updates, design changes, and warranty issues.
- Extended Support: The extended supports begins after the expiry of mainstream support. During this period, Microsoft provides less support, focusing only on bug fixes and security patches.
What does this mean?
Windows 7 will no longer receive security updates from Microsoft. This will leave the operating system vulnerable for security threats such as virus, malware, and cyber attacks. Healthcare organizations using Windows operating systems that are no longer supported need to move to a supported-operating system.
What can a healthcare organization that uses Windows 7 do?
If you haven’t already done so, it’s time to prepare for Windows 7 End of Life. At this time, HIROC recommends healthcare organizations undertake the following steps:
- Tally all systems/software that are used in the Windows 7 environment and assess if they can be migrated to a newer operating system as soon as possible.
- Decide if Windows 10 is the right solution for your organization and work with your Information Technology teams and senior leaders on a migration plan. This option is ideal as it provides the least disruption. A thorough analysis needs to be done to ensure adequate resources are available for the upgrade. Please note that older hardware may not work well with Windows 10, and Windows 10 licenses can be quite expensive.
- Review alternative operating systems. Some organizations may decide to move to an alternative cost-effective operating system that is supported. Undertaking a cost-benefit analysis will help determine the best solution for your organization.
- Identify all systems/software that cannot migrate to a newer environment and contact their vendors to start building a contingency plan.
- Back up your files, data and documents regularly. Regardless of your migration strategy or timeline, this is a good time to review and test your data backup and recovery strategy. If the upgrade to another operating system does not go well or if you lose access to your systems due to a cyber attack, you should be able to recover your files, data, and documents.
- If you are planning to continue using Windows 7, HIROC recommends that you subscribe to the Windows 7 Extended Security Updates. Microsoft’s Extended Security Updates for Windows 7 will start on January 14, 2020 and will end on January 10, 2023. This extended security program is being offered by Microsoft for a fee.
Above all else, this information should help foster a dialogue around IT security practices at your organization.
Here are some additional resources that may be helpful to you and your team:
- For further details about Microsoft’s Windows 7 Extended Security Updates, please visit the Microsoft Support Lifecycle FAQ – Extended Security Updates
- HIROC resource: Cyber Risk Management – A Guide for Healthcare Administrators and Risk Managers
If you have any questions, please contact Kopiha Nathan, HIROC’s Privacy and Compliance Officer at email@example.com.