Windows XP – Upcoming HIPAA Security Concern

Healthcare security breaches have, in recent years, resulted in costly penalties to covered entities. Data security threats that can lead to these breaches originate from many sources. A new source will be born early next year.

As of April 8, 2014, Microsoft will end support for the Windows XP operating system, which was initially released in August 2001. Microsoft and security experts are cautioning that Windows XP users will face increased security risks as a result of this change, largely due to the lack of new security updates. Windows XP will be significantly more susceptible to attacks, as criminals will have free rein to exploit vulnerabilities in the operating system without any response from Microsoft in the form of security updates or technical content updates.

As in the past, users who handle electronic personal health information (ePHI) face a greater risk than others. Over 18 million patient records were breached between 2009 and 2011, and a single personal health record is now worth more on the black market than a credit card number, Social Security number, and date of birth combined.

With strict enforcement of the HIPAA and HITECH Acts, and increased attacker interest in ePHI, it is increasingly necessary for covered entities to be confident in their ability to secure that data from threats. Microsoft’s decision to end support for Windows XP will make XP users who handle ePHI an even greater target for criminals attempting to exploit new vulnerabilities in the operating system that will no longer receive security updates.

LaSalle Consulting Partners, Inc. recommends that Fund administrators upgrade or replace any existing Windows XP computers that have access to ePHI prior to April of next year in order to avoid exposure to potential security threats inherent to Windows XP.


LaSalle Consulting Partners, Inc.
200 W Madison St | Suite 940 | Chicago, IL 60606 | 312-361-3326