I'm currently working at a hospital with around 400-450 employees and we're stuck using really old tech. The management refuses to upgrade our software, claiming it's too pricey and not worth it. We're still running Microsoft Office 2007, and our servers and Active Directory are ancient—everything is onsite and unsupported. I'm seriously worried this could lead to compliance issues with regulations like HIPAA and CMS. Given that Office 2007 lost support back in 2017 and using unsupported software is a hassle for everyone, how can I convince the higher-ups that we need to switch to something modern like Office 365? I've tried talking to them, but they just focus on keeping costs down and brush off the risks. Even our pen testers mentioned that they can't test our systems properly because the tech is so old, which is alarming in itself. Plus, there's no software isolation, and the old programs are tied to our EHR. How can I effectively communicate these risks and push for an upgrade?
5 Answers
Don't forget about their cyber insurance. If they're using outdated software and a breach occurs, that could nullify their coverage, which would be a huge problem. Pointing this out might compel them to take action.
Definitely connect this to potential financial implications. It's a strong argument.
Writing a formal document laying out your concerns could be a good strategy. Document the risks and potential costs of a breach and send it to the leadership team. Just make sure to keep a copy for yourself in case things go south later.
Good idea! Just be careful not to overstep and alienate your managers.
Always BCC yourself when sending these kinds of emails for proof—better safe than sorry!
It might help to present your case from a personal angle too. When hospitals can't maintain current tech, it often leads to underfunded IT salaries and outdated skills in their staff, making them less attractive in the job market. If you can show them how outdated systems are hurting the workforce, maybe they'll listen more closely.
That's a solid point! Keeping skills up-to-date is crucial, especially in healthcare.
Absolutely! Plus, it highlights the financial implications of not investing in tech.
It sounds like the hospital is setting itself up for a big problem down the line. You definitely want to document your concerns in case something goes wrong. Keep a record of your communications; it’ll protect you if they face serious issues later.
For real! Covering yourself is key in situations like this.
Yeah, it’s about ensuring you’re not the fall guy when the inevitable happens.
Have you thought about taking this issue to a board member? Sometimes management doesn't see the bigger picture, and board members might have more influence to push for upgrades or modernization.
True—board members often have a different perspective on risks!
That's a smart move! Stakeholders often respond better to pressure from above.
Exactly! It's all about avoiding the fallout—definitely a point to bring up.