Are you forcing customers off of XP now that its patches are end of lifed?

knc

I am forcing all of my business clients off, due to the fact there will be one more level of security vulnerabilities. No patches, no updates... Insurance, medical, financial, all vulnerable now.

Your thoughts?
 
Every call, every visit, I'm informing people of the end of support by Microsoft for XP next April. I'm just putting it in their minds. You'll be surprised by the number of people who just don't know. I think it is all they need to buy new computers. They know XP is old and they need to buy soon.
 
Yes, I have given them all a heads up and am now starting the major roll-out.
My clients are health care providers, and I couldn't put it better than this copypasta:

For example, when it comes to HIPAA and PCI compliance, the regulations state that entities must employ all security patches within a certain time frame (depending on the regulatory body). Thus, when software reaches its end of life, there are no more security patches and therefore at the end of life, it reaches its compliance limit. The software manufacturer is no longer looking after the security vulnerabilities of the software and will not issue any patches or bulletins to combat any issue.

Given the big change in HIPAA/HITECH that takes place in a few weeks I am standing firm on this one. XP has to go.
 
Can anyone post any good articles or other links outlining HIPAA's impact as it pertains to our world of keeping computer hardware & software up to date?

Anything that makes it clear that outdated, unsupported technology must go...

I have been mentioning it to my clients who are still using older PCs, but it often helps if they read it from an "official" source.

Thanks
 
Someone else put it best:

It's pretty simple, if the OS is not receiving any updates then the environment is not secure and cannot be attested as to being secure. That being said, HIPAA actually does not require this to be the case. Only that proper steps are taken to ensure that the environment is secure and PHI is being protected. Now, you can't very well say that this is occurring on an unpatched system that no longer has vendor support. It is time to upgrade.

As their network and IT manager, I can not certify it to be secure/compliant if there is no official patching or testing.

I can not point you to any specific document from the .GOV stating that "Napster-Good | XP-Bad", but I also can't point to a doc that states ROT13 encryption specifically is not compliant.

/Yes, that last part was more of a joke
 
I wrote up a short blog about this

Can anyone post any good articles or other links outlining HIPAA's impact as it pertains to our world of keeping computer hardware & software up to date?

Anything that makes it clear that outdated, unsupported technology must go...

I have been mentioning it to my clients who are still using older PCs, but it often helps if they read it from an "official" source.

Thanks

I have a couple of links - one to an industry blog & another to an outline of the specific HIPAA rule:

http://www.physicianspractice.com/blog/growing-hipaa-threat-ignore-windows-xp-your-own-peril

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf

Here is my writeup on it:

http://www.sarasotahomecomputers.co...ll-out-of-hipaa-compliance-in-april-2014.html
 
Absolutely. I have told my clients and I was already able to complete one process with one client, along with the other asking for quotes. They wanna get it done by the end of next month.
 
I did it for a while and I stopped. Most listen but don't do anything about it, now.

Besides, there is more money to be made in emergency upgrades later on. :p
 
I feel that our job is to properly inform our clients of what it means to be running XP still and that this can impact compliance for certain businesses and the regulations they fall under. We also have the duty to inform them, regardless of the regulatory compliance issues, of the general security issues for business and personal computer users alike. In the end it is up to the client, and while I may or may not be able to certify it as compliant, I would still be able to maintain and service such a system.
 
My last XP client

Talk about crunch time on this. Re-doing an entire medical office (15 systems and a Win Server 2003). We just picked them up before the HIPAA thing kicks in. We are doing the install this weekend when they are closed. Got the server and all systems ready for connect 'em up and go. We set everything up in the shop, let it run (Windows 8 with Win Server 2012) and do up all the configuration stuff. Most coordinated and most time sensitive install I think we've done yet.

But yes, pushing everyone off WinXP
 
I informed all of my clients that Microsoft is ending support for XP in April 2014. They are aware, and I informed them to upgrade their computers if eligible or buy newer models. Also, my shop is going to stop support for XP.
 
I wouldn't stop supporting XP. We are advising certain clients that we will not be liable for security breaches (viruses, hacking, etc.) if they continue to use WinXP. And that we will provide limited support for WinXP machines.

Some took the hint, others have noticed changes in the SLA and wondered why what's covered post Apr 2014 has changed and then got the hint.
 
Yes, I have given them all a heads up and am now starting the major roll-out.
My clients are health care providers, and I couldn't put it better than this copypasta:

For example, when it comes to HIPAA and PCI compliance, the regulations state that entities must employ all security patches within a certain time frame (depending on the regulatory body). Thus, when software reaches its end of life, there are no more security patches and therefore at the end of life, it reaches its compliance limit. The software manufacturer is no longer looking after the security vulnerabilities of the software and will not issue any patches or bulletins to combat any issue.


Given the big change in HIPAA/HITECH that takes place in a few weeks I am standing firm on this one. XP has to go.


Where did you get that quote from?

