Microsoft 2008 Patch is a Band-Aid: System Upgrades and Strategy are a Healthcare Cybersecurity Necessity


For health organizations still running Microsoft 2008 or other older operating systems, there is good news and bad news. The good news is that Microsoft has issued a software patch for outdated versions of Windows, including Windows 7, Windows Server 2008, Windows XP and Windows 2003. The not-so-good news is that the patch was released after a major vulnerability was discovered. This flaw could potentially allow hackers to stage a sequel to the 2017 WannaCry security incident that crippled computers in 150 countries and caused more than $4 billion in damages.

This new threat can be launched remotely and is said to be “wormable,” meaning it has the ability to self-replicate. Microsoft predicts at least one million computers that are connected to the internet are sitting ducks for a new attack. In an email/web message on May 30, 2019, the company states:

Our recommendation remains the same. We strongly advise that all affected systems should be updated as soon as possible. 

It is possible that we won’t see this vulnerability incorporated into malware. 

But that’s not the way to bet. 

The patch is a start. Do it now. Then upgrade. Soon.

It’s a lesson learned from the 2017 attack. While there was a 60-day lag between when Microsoft issued a patch for the EternalBlue bug and when the first WannaCry attack happened, many organizations had not installed the patch and were soon part of the hundreds of thousands of compromised computers around the world.

Two years later, it’s estimated that the WannaCry virus is still active on 145,000 devices worldwide and that 40% of healthcare organizations suffered a WannaCry attack in the last six months.

If your health system has Microsoft 2008 or other outdated operating systems in the mix, the clock is ticking to upgrade to maintain cybersecurity. The end of regular security updates for Windows Server 2008 is set for Jan. 14, 2020, which is quickly approaching – that kind of vulnerability is not something healthcare can gamble on. As you weigh your next steps, take these three things into consideration to help ready yourself for the end of support.

If your organization is still dependent on legacy EHR systems to meet retention requirements and provide legacy data access, Harmony Healthcare IT can help mitigate your risk. Our data archiving solution consolidates data stores, reduces out-of-production system maintenance costs, and complies with record retention mandates. Most of all, it provides increased security from cyberattacks, protecting both your organization and your patients.

If you need a hand, we’re here to help. Let’s connect.

Jun 10 2019
