On April 8, Microsoft (NASDAQ:MSFT) discontinued software and security updates for Windows XP, its 12-year-old operating system installed on 28% of the world's computers. That's bad news for the health-care industry, which has experienced a surge in data breaches and hacks over the past few years.
Market research firm Gartner recently noted that a third of businesses (a group that includes the health care industry) have XP installed on more than 10% of their systems. Although support for Windows XP has ended, Windows XP Embedded, a variant installed on certain medical devices, will be supported until 2017.
Aging tech, data breaches, and hacks
The end of XP comes at a tough time, when many hospitals are struggling to upgrade their aging technologies. U.S. hospitals and practices are trying to meet the requirements of the HITECH (Health Information Technology for Economic and Clinical Health) Act, which grants them government subsidies for achieving "meaningful use" benchmarks such as EHR (electronic health record) adoption and the guaranteed security of patient records. Practices also must remain compliant with the HIPAA (Health Insurance Portability and Accountability) Act of 1996, which ensures that hospitals are taking all of the necessary measures to protect patient data.
Unfortunately, recent health-care IT issues indicate that the industry is far from meeting those standards. The San Francisco Chronicle recently reported that Medtronic, Boston Scientific, and St. Jude Medical were all hit by hackers in the first half of 2013. That report raised serious concerns about the safety of newer medical devices such as Wi-Fi pacemakers. In February, St. Joseph Health System reported that a data breach exposed over 405,000 patient records. Those alarming events were only the tip of the iceberg -- the number of personal health record breaches climbed 138% year over year in 2013, according to IT security audit firm Redspin.
Therefore, the loss of support for administrative systems running on XP could leave practices exposed to even more hacks and data breaches. According to a recent Meritalk survey, 82% of health-care IT executives admitted that their infrastructure was "not fully prepared for a disaster recovery incident."
Upgrades, cloud-based services, and security
In response to these problems and the end of Windows XP, I expect most hospitals and practices to simply upgrade their systems to Windows 7 or 8.1. The Windows interface is familiar and most existing software remains compatible. Microsoft's efforts to beef up its health care portfolio with HealthVault, Windows 8.1-optimized EHR apps, and Bing Health are all lucrative reasons to stick with Microsoft. A mass upgrade across the health care industry would also be great news for Microsoft, which reported a 3% decline in Windows OEM revenue last quarter.
Hospitals and practices could also start relying more on cloud-based services like Athenahealth (NASDAQ:ATHN). Athenahealth's three core services -- physician practice and billing management (athenaCollector), EHR services (athenaClinicals), and a patient communication web portal (athenaCommunicator) -- transfer clinical administrative tasks onto a safer, more cohesive cloud-based ecosystem. Athenahealth's subscription-based services can be accessed from desktops, laptops, and mobile devices.
It's a trend that's catching on quickly -- Aaron Levie, CEO of popular cloud-based storage service Box, recently noted that the health-care sector's usage of its service surged 300% last year. Athenahealth's results in fiscal 2013 also reflected this move toward the cloud -- its revenue soared 41% while its non-GAAP adjusted net income climbed 19%.
Major antivirus companies have also introduced security solutions targeting the health-care sector. Symantec (NASDAQ:SYMC), the maker of Norton Antivirus, offers comprehensive security solutions for HIPAA compliance, patient privacy protection, and better storage management for data loss prevention. Symantec has also published detailed articles online explaining the end of XP and its effect on HIPAA compliance in hospitals. The end of XP and increased security threats in health care could be a boost to Symantec, which has been slumping after quarters of declining revenues and the firing of its CEO.
The Foolish takeaway
In conclusion, hospitals should be serious about upgrading their aging tech, but their efforts have been painfully slow. It's likely that many hospitals in the U.S. and across the world have already missed that deadline.
Sticking with XP doesn't immediately make U.S. hospitals non-compliant with HIPAA, but it's a pretty huge risk to take considering the startling surge in hacks and data breaches that have recently hit the health care sector.