Consumer PCs are almost certainly not covered entities under HIPAA, nor is Microsoft in its role as an OS provider.
Even then, if this whole thing were to result in an inappropriate disclosure by a covered entity, the organization that processes the data would be liable, not Microsoft.
That's like blaming the building contractor because you left the door unlocked and someone came in and stole your cat.