Compliance Focus: Windows 10 OS and Other Computer Systems

Windows 10 reached the end of support on October 14, 2025, and systems using this operating system are now without critical security updates, leaving these systems vulnerable to malware, ransomware, and data breaches. Unsupported systems pose an immediate HIPAA risk for chiropractic practices, particularly if those devices access or store electronic protected health information (ePHI). If even one workstation remains on Windows 10, it can create a gap in your cybersecurity safeguards and increase exposure to attack.

HIPAA Security addresses more than just operating systems. It includes security for all connected devices and network components that interact with patient data. From routers to mobile phones, every piece of technology must meet minimum security standards. That’s why now is a critical time to review your systems and policies.

Advertisement

Ensuring your technology infrastructure complies with HIPAA and cybersecurity regulations is essential for protecting patient data and avoiding serious penalties. This article is part of the Illinois Chiropractic Society’s monthly effort to help chiropractic physicians reduce compliance risks and protect their practices. The requirement covered here is actively tracked in Statusfi, the free compliance dashboard for ICS members at my.statusfidashboard.com. This includes items like verifying anti-virus software specifications and checking whether default passwords on network hardware have been changed.

What It Is:

This compliance category focuses on the security of any device or network component that connects to or transmits electronic protected health information (ePHI). The goal is to ensure systems are up to date, protected against malicious software, and follow standard security protocols. This includes desktop and mobile devices, routers, access points, modems, and any written policies governing their use.

Why It Matters:

Outdated systems or unsecured networks leave your practice vulnerable to data breaches, ransomware, and HIPAA violations. A single compromised device could expose protected health information, resulting in federal fines, loss of patient trust, and possible audits. For example, failing to change default router passwords or lacking anti-virus protections on mobile devices could create access points for attackers. These are preventable risks that can be mitigated with consistent oversight and basic security measures.

What to Check:

• ✅ Ensure the operating system on all devices connected to your practice network is up to date. This includes desktops, laptops, tablets, and mobile phones.
• ✅ Verify that all routers, modems, and access points no longer use the factory default passwords.
• ✅ Implement a written policy requiring administrative passwords to be changed when employees with access leave the practice.
• ✅ Confirm anti-virus software is installed and enabled on all connected devices.
• ✅ Check that anti-virus software is fully updated and capable of detecting a wide range of malware types.
• ✅ Use the same anti-virus software across all devices to ensure consistency and full coverage.
• ✅ Have a written policy in place for mobile devices that aligns with HealthIT.gov guidelines for protecting ePHI.

Where It’s Tracked in Statusfi:

Tracked in: HIPAA Compliance > Security > Cyber Security > Computer Systems and Network Components

Log in at my.statusfidashboard.com to complete or assign this checklist item.

Next Steps:

These updates are straightforward but critical. Update all Windows 10 systems to Windows 11 immediately. Then review your office’s current device inventory and confirm your IT policies are up to date. If you outsource IT support, request confirmation that these protections are in place. You can also delegate this review to a team member familiar with your technology setup. Staying ahead of these basic security measures can significantly reduce your compliance risk.