Doctor's Office Still Using XP: Should I Say Anything?

Helen from NYC writes:

I’ve noticed in two of my doctors’ offices that their computers still have Windows XP Professional. I did mention to one of the employees that XP will no longer have tech support after April. What suggestions do you have for notifying them directly if the employee doesn’t do anything?

First of all, Helen…SHARP EYE! That’s a great catch on your part, especially considering the amount of personal information your doctor has stored in the office computer system.  I’d speak to your doctor or the office manager directly and ask them when they plan to upgrade. And if not, have they purchased some type of third-party security support? There is some very expensive third-party security support available for businesses, but generally not for home users. Microsoft is ending security support for Windows XP on April 8, 2014. That means these systems will be a prime target for people looking to steal information.

If the office is part of a larger medical system or affiliated with a hospital, I’d inquire as to what they are doing to protect your information. A good old-fashioned letter asking the office if and when they plan to upgrade is completely appropriate.

In fact, it’s a perfectly appropriate question to ask any business that handles your personal information. It’s estimated that as many as 30% of small and mid-sized businesses are still using the XP operating system.  Medical offices, banks, retailers, accountants and more can have important personal information in their database and it’s not a bad idea to check with them and see if they’ve made the transition away from XP.

I read an article last week where the author decided to check his business to make sure he didn’t have forgotten XP machines up and running and he discovered that he had several in place and went to work on upgrading.

I’m a little concerned that the employee didn’t have an answer for you like, “We’re upgrading the system in February.” You would hope by this point the office would have a plan in place and have notified the employees that the change is coming.

~ Cynthia

  1. Although highly unlikely, it is possible that the computers used by a medium to large organization are in an isolated network. I know that where I am working there are such networks. These would not really be at any risk but again, I doubt that her doctor’s offices were such networks.

