
Microsoft Windows Server 2003 End-of-Life (EOL)

January 12th, 2015

URGENT NOTICE for All Highly Regulated Industries – Healthcare, Financial, Legal, etc.

Medicus Solutions would like to provide an update as it relates to the Microsoft Windows Server 2003 end-of-life. This has started to get a lot of publicity in tech news, generating many questions, and has prompted us to put together information for our clients.

WHAT IS HAPPENING?

Windows Server 2003 was released in May of 2003, about a dozen years ago, and Microsoft will officially end support on July 15, 2015. The countdown has started for the Server 2003 end-of-life; it will R.I.P. (rest in peace).

HOW DOES THE SERVER 2003 END-OF-LIFE AFFECT YOU?

First and foremost, once Microsoft ends support and security patches, Server 2003 will become more vulnerable to attacks and malware, and ultimately a security risk. Hackers and cybercriminals know this is coming, and it is time to prepare. Because security patches will stop after the end-of-support date, Server 2003 will no longer be acceptable as part of your practice’s HIPAA compliant solution. Many software vendors have already announced that they will be ending support for their applications on the Server 2003 platform as well.

MYTH: MY OFFICE USES SERVER 2003, BUT IT’S OK – WE HAVE GREAT ANTIVIRUS AND/OR A MAGICAL FIREWALL

There is no plausible, credible argument that running excellent firewall or antivirus software to safeguard your server gives you a pass on ridding your practice of end-of-life operating systems. The HIPAA Security Rule Section 164.308(a)(5)(ii)(B) states that healthcare entities (covered entities) must implement “procedures for guarding against, detecting, and reporting malicious software”. Placing all your eggs in the basket of an antivirus or firewall solution, while your underlying Operating System (OS) is basking in zero-day threats that will never be patched, is a position you don’t want to rest on in the face of legal action. It won’t stand up in court.

WHAT NEEDS TO BE DONE DUE TO SERVER 2003 END-OF-LIFE?

If you have a Windows Server 2003 device still in operation, it is time to plan to upgrade and/or replace it to protect the security of your systems and to meet security compliance under the HIPAA Security Rule. Many servers' physical hardware will not be capable of running a newer version of Windows Server and will likely need to be replaced.

Medicus will be reaching out to all active clients who have a Windows 2003 Server in deployment to recommend the best path for addressing this in your infrastructure. If you are not currently a Medicus client and need assistance, please reach out to us at sales@msinc.com or 678-495-5900.

Thank you!

Your Medicus Support Team

A couple of reference links for Server 2003 End-of-Life

http://support2.microsoft.com/lifecycle/search/default.aspx?alpha=Windows+Server+2003+R2

http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/adminsafeguards.pdf