News Feature | April 28, 2015

Healthcare Needs To Prepare For Imminent Microsoft Server Security Threat


By Christine Kern, contributing writer


Insight warns technology leaders of the risks of failing to address the pending end-of-service.

On July 14, 2015, Microsoft will retire service for Microsoft Windows Server 2003, a platform currently in use by many healthcare institutions nationwide. For those institutions not prepared, there could be dire risks ahead, warned Insight Enterprises at HIMSS15.

The U.S. Department of Homeland Security has issued an official alert warning businesses of negative consequences if they do not upgrade their Server 2003 operating systems by the deadline. And Department of Health and Human Services data shows that, since 2009, the personal health record data of 120 million people has been compromised during 1,100 separate breaches.

Attack incidents have increased annually, and if healthcare organizations don't prepare for the end of service for Microsoft Windows Server 2003, the risk of a material breach increases significantly. The U.S. Department of Homeland Security said computer systems running the unsupported Microsoft Server 2003 operating system are exposed to elevated cybersecurity risks such as malicious attacks or electronic data loss.

“The end of service for Microsoft Windows Server 2003 presents one of the most far-reaching risks to health data we have seen,” said David Cristal, VP of Sales, Public Sector, and Healthcare. “We are connecting with healthcare leaders here at the Healthcare Information and Management Systems event to help them understand and then address the end of service so we can limit the risks of exposing sensitive health data.”

According to Microsoft research data, 23.8 million instances of Windows Server 2003 were running on 11.9 million physical servers worldwide in 2014, or approximately 39 percent of all installed Microsoft Server operating systems. Microsoft’s planned end-of-service means that as of July 14, 2015, the company will no longer provide critical support, automatic fixes, updates, or technical assistance for Windows Server 2003.

Healthcare institutions need to upgrade to a newer, supported operating system, replace servers, or transition IT operations to a cloud-based service. Whatever their choice, Insight warns, they need to act now.

“It doesn't matter if the operating system is an integral or minor part of a data center, the risk is the same,” Cristal said. “The healthcare and technology industries are working together to make sure the data center holes big and small are filled so attackers can't gain control and severely exploit this issue.”