Nothing lasts forever, especially when talking about technology. In less than 24 short months, Windows 10 will reach its end of life. This means that practices using Windows 10 may no longer be HIPAA compliant.
Microsoft currently sends security updates at least weekly and, on some occasions, more frequently, especially when a zero-day vulnerability has been discovered. On October 25, 2025, those security updates will end.
Those devices using Windows 10, will become what we call “legacy devices”. Devices that are no longer supported become vulnerabilities. There can be legacy software, but there can also be legacy hardware or devices.
When it comes to legacy software and hardware, it is important to ensure that covered entities or practices continue to comply with the Health Insurance Portability and Accountability Act (HIPAA) to safeguard patient information. Hackers know that many practices will continue to use legacy applications and devices, and they also know that because there is no support, it is easier to access them thus leaving the practice vulnerable to a cyber-attack.
Between now and October of 2025, practices should consult with the MSP/IT partner to determine what devices may be able to be upgraded and what devices need to be replaced. When replacing devices, practices should ask if the device will be ready for Windows 11. Windows 11 does require updated hardware but will also allow for better security. For example, Windows 11 will allow for endpoints to be encrypted.
Practices should also periodically review all applications on every device to ensure that only applications necessary to the business are active. All applications that are no longer used should be removed. Applications used should be updated to the most current version.