Technology provider Insight Enterprises is urging healthcare technology leaders to take urgent preventative steps to address data risks arising from the pending end of service for Microsoft Windows Server 2003.
Within three months, on April 14, Microsoft will end its support services for MS Windows Server 2003 operating system. It will phase out support and no longer provide critical support, automatic fixes, updates, or technical assistance.
Healthcare institutions have a choice of either upgrading to a newer, supported operating system, or replacing servers or transitioning IT operations to a cloud-based service.
Speaking at Healthcare Information and Management Systems Society (HIMSS) Annual Conference at McCormick Place in Chicago, Insight pointed out that many healthcare institutions which still widely use the OS, risking the loss of sensitive data due if critical steps are not taken.
"The end of service for Microsoft Windows Server 2003 presents one of the most far-reaching risks to health data we have seen," said David Cristal, vice president of Sales, Public Sector and Healthcare at Insight Enterprises.
"We are connecting with healthcare leaders here at the Healthcare Information and Management Systems event to help them understand and then address the end of service so we can limit the risks of exposing sensitive health data."
Sharing insights on how to protect information stored on millions of computer servers from cyber attacks and data loss, Cristal added: "It doesn’t matter if the operating system is an integral or minor part of a data center, the risk is the same.
"The healthcare and technology industries are working together to make sure the data center holes big and small are filled so attackers can’t gain control and severely exploit this issue."
Patient data has been at high risk due to increasing data breaches. Department of Health and Human Services data shows that since 2009, the personal health record data of 120 million people has been compromised during 1,100 separate breaches.
Insight stressed that failure to address MS end of service will significantly increase the risk of a "material breach" for these organisations, which also seem to be corroborated by a recent alert from the U.S. Department of Homeland Security that said computer systems running the unsupported Microsoft Server 2003 OS are exposed to heightened cybersecurity risks such as malicious attacks or electronic data loss.
A separate Microsoft research last year reported 23.8 million instances of Windows Server 2003 running on 11.9 million physical servers worldwide.