
Information technology in the healthcare sector has always possessed an added layer of complexity due to industry-specific regulations such as HIPAA and the HITECH Act.

As healthcare IT administrators have observed their counterparts in other industries dealing with the pain points associated with Windows Server 2003 end of support, their own migration path has been muddied, and sometimes delayed, by a number of industry-specific considerations.

With the average migration from Windows Server 2003 taking more than 6 months, healthcare IT administrators are faced with a tough decision as the looming EOS deadline approaches.

Healthcare IT Administrator Considerations for Windows Server 2003 End of Support


It’s likely Windows Server 2003 will not be a HIPAA-supported platform, so those who do not migrate will risk compliance. It is as simple as that.


Regardless of which workloads run on Windows Server 2003, the vulnerability of an unsupported server has far-reaching implications for any infrastructure. According to IT World, “databases, middleware, applications and other sensitive information can all be compromised by a single unpatched vulnerability.”

The risk is serious enough that the Department of Homeland Security issued a cyber alert warning about the dangers facing those who disregard the end of support deadline. It said continued use of Windows Server 2003 will open an organization up to “an elevated risk to cyber security dangers, such as malicious attacks or electronic data loss.”

With the sensitive nature of healthcare data, the risk to healthcare organizations carries even greater weight.

Application Compatibility

On the flip side, there are healthcare-specific scenarios that have delayed migration for some. One such scenario is app compatibility. App use is widespread in the healthcare industry. The trouble is that apps that aren’t widely used are unlikely to switch to a compatible format. This will leave healthcare providers in a tough spot: choosing between use of their mission-critical apps and HIPAA compliance.

On the other hand, Windows Server 2003 is a 32-bit app, and with 64-bit apps quickly becoming the norm, Windows Server 2003 users will not receive updates.


Like every organization, healthcare organizations typically don’t have much budgetary wiggle room. Organizations that don’t migrate will be faced with a $600 per server cost for extended support after the July 2015 EOS deadline. Compound that with the cost associated with the potential security risk, and inaction will add up for healthcare organizations.

What’s Next?

Partnering with a cloud services partner can help mitigate complexity and ensure your organization remains compliant through the end of support deadline and beyond. Contact us to assist with any Windows Server 2003 related needs.