Windows End-of-Life Considerations and Potential Risks to Healthcare Facilities


It’s interesting how often we can all be in the same boat from a technology perspective. Advances and improvements in software generally make our lives easier and offer new and more efficient ways to run our day-to-day operations. Coming from a business operations background, I appreciate how our software can help drive results for our teams, departments and organizations. Many of the opportunities that come from our software investments can only be achieved through adherence to a continual upgrade process. However, in my decade at Picis, I’ve also seen firsthand how complacency and the tendency to settle into the status quo can drive a significant impact and cost for healthcare facilities.

A quick Google search will return innumerable cases of legacy software platforms being exploited by nefarious parties for financial gain or simply to cause problems. The impact of investigating malicious activity, switching to downtime processes and backup procedures, restoring systems and records, and notifying patients can wreak havoc on a healthcare system. Not to mention that the maximum fines levied under HIPAA in the United States can be up to $1.5M annually. Moreover, Ontario, Canada has similar standards under the Personal Health Information Protection Act (PHIPA). So the problems from both an operational and financial perspective and the purported loss of patient goodwill are pretty apparent. For hospitals, ensuring that critical business and clinical systems are running as close as possible to the “latest & greatest” available Microsoft platforms is one of the most important ways to prevent disruptions in day-to-day clinical operations.

Microsoft has a well-established release schedule for Windows (Desktop and Server OS) and Microsoft SQL Server. Generally speaking, the support life cycle for Microsoft products is ten years, with mainstream support for the first five years and extended support for the final five years. Mainstream support includes fixes, new features and enhancements, with the extended support containing only fixes and security updates. So for many hospital systems running on these platforms, significant operational and risk management concerns are present as we begin to come up against these timelines. As an example, the end of extended support is imminent on the following Microsoft platforms:

  • Microsoft SQL Server 2012: July 2022
  • Windows Server 2012: October 2023
  • Windows 10: October 2025
  • Microsoft SQL Server 2016: July 2026
  • Windows Server 2016: January 2027

Ensuring that hospitals can take advantage of the latest Microsoft releases is one of the most important commitments for any healthcare solutions vendor. This commitment was one of the driving reasons we at Picis prioritized ensuring that our latest release, Picis 10, is fully compatible with Windows Server and SQL Server 2019. Ensuring this compatibility allows our customers to receive critical security updates from Microsoft until 2029 and 2030, respectively.

For hospitals and health systems, ensuring that software solutions are up-to-date and compliant with the latest Microsoft infrastructure is one of the most effective security postures. The modern healthcare business environment is fraught with malicious activity. Therefore, hospital leaders are well-advised to continually review their software portfolios – taking necessary actions to ensure that their vendors can comply with Microsoft standards and timelines to the greatest extent possible.

About the Author

Jay Adams, Vice President, Sales and Marketing

Jay Adams is a senior business and technology leader with more than 12 years of client-facing experience delivering best-in-class professional services and technical support to a broad range of healthcare organizations. He has a proven track record of implementing business strategies to drive revenue growth, enable customer success, and build enduring organizations. Over a 10-year period, Jay has moved through every level within the Picis support organization and has been an integral part of working with customers to make the most of their investment in the Picis solutions.

Prior to joining Picis, Jay held various technical positions within large organizations, including CVS Health and the subsidiary Minute Clinic. Additionally, as a Second Class Petty Officer in the United States Navy, he served overseas supporting electronic systems for the F/A-18 strike fighter aircraft.

Jay holds a Master of Business Administration and a Bachelor of Science in Information Technology from Western Governors University and a Master of Science in Information Technology from American Public University.