IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NHS systems still reliant on Windows XP

Government minister downplays significance of venerable OS' continued use

Over 2,000 NHS systems are still running on Windows XP five years after it stopped receiving security updates.

It's the latest hammer blow to the NHS' reputation for being well behind the curve in terms of keeping its IT systems up-to-date and secure.

The figures were slammed by shadow Cabinet Office minister Jo Platt after they were revealed by Jackie Doyle-Price, parliamentary under secretary of state at the Department of Health.

"The government is seriously lacking the leadership, strategy and co-ordination we need across the public sector to keep us and our data safe and secure," said Platt. "How many more warnings will it take before they listen and take action?

"The next Labour government will provide not only the resourcing but also the vital leadership, organisation and dedication needed to get our public sector fit and resilient to fight the cyber-threats of the 21st century," she added.

It's not the first set of figures that illustrate an apparent disregard for cyber security in some parts of the National Health Service. In December 2018, a response to an FOI request revealed some NHS Trusts spend as little as 250 on cyber security.

Results of a different FOI request a year later revealed one NHS Trust in Cumbria was the victim of an "extraordinary" number of cyber attacks and had spent 29,600 in 2017 alone to remedy the effects.

Doyle-Price was quick to dispel Platt's criticism, claiming that although the number of legacy systems was in the thousands, it only accounted for a small percentage of the total 1.4 million computers run by the NHS.

"This equates to 0.16% of the NHS estate," said Doyle-price. "We are supporting NHS organisations to upgrade their existing Microsoft Windows operating systems, allowing them to reduce potential vulnerabilities and increase cyber resilience."

In the wake of the WannaCry ransomware attack on the NHS in 2017, the National Audit Office revealed the NHS had been warned by the Department of Health as early as 2014 about the threat of cyber attacks and that it should migrate from Windows XP by April 2015.

Five years later, the upgrade process still hasn't been completed and after an attack that cost the NHS a reported 92 million, it has led experts calling for better action to be taken.

"Considering the damage done by the WannaCry attack in 2017, it's appalling that the NHS hasn't finished upgrading its systems," said Paul Bischoff, privacy advocate at "Even if 2,300 computers is a small fraction of the total, hackers only need a single point of ingress to infect an entire network."

There are other reasons for running old software too."Often we see that companies are running old software that is no longer compatible with the newer operating systems, and therefore have to use older systems for this reason - but this does not make lower the risk of using those systems," said Boris Cipot, senior security engineer at Synopsys.

"For instance, it may have very expensive medical equipment that can only be controlled by software that runs on XP," said security analyst Graham Cluley. "So it's not just a  case of updating a PC, but perhaps spending millions on a new MRI scanner."

Featured Resources

The COO's pocket guide to enterprise-wide intelligent automation

Automating more cross-enterprise and expert work for a better value stream for customers

Free Download

Introducing IBM Security QRadar XDR

A comprehensive open solution in a crowded and confusing space

Free Download

2021 Gartner critical capabilities for data integration tools

How to identify the right tool in support of your data management solutions

Free Download

Unified endpoint management solutions 2021-22

Analysing the UEM landscape

Free Download

Most Popular

Samsung proposes 11 Texas semiconductor plants worth $191 billion

Samsung proposes 11 Texas semiconductor plants worth $191 billion

21 Jul 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022
Should you take your password manager off the internet?

Should you take your password manager off the internet?

28 Jul 2022