NHS systems still reliant on Windows XP

Government minister downplays significance of venerable OS' continued use

NHS Trust building

Over 2,000 NHS systems are still running on Windows XP five years after it stopped receiving security updates.

It's the latest hammer blow to the NHS' reputation for being well behind the curve in terms of keeping its IT systems up-to-date and secure.

The figures were slammed by shadow Cabinet Office minister Jo Platt after they were revealed by Jackie Doyle-Price, parliamentary under secretary of state at the Department of Health.

"The government is seriously lacking the leadership, strategy and co-ordination we need across the public sector to keep us and our data safe and secure," said Platt. "How many more warnings will it take before they listen and take action?

"The next Labour government will provide not only the resourcing but also the vital leadership, organisation and dedication needed to get our public sector fit and resilient to fight the cyber-threats of the 21st century," she added.

It's not the first set of figures that illustrate an apparent disregard for cyber security in some parts of the National Health Service. In December 2018, a response to an FOI request revealed some NHS Trusts spend as little as 250 on cyber security.

Results of a different FOI request a year later revealed one NHS Trust in Cumbria was the victim of an "extraordinary" number of cyber attacks and had spent 29,600 in 2017 alone to remedy the effects.

Doyle-Price was quick to dispel Platt's criticism, claiming that although the number of legacy systems was in the thousands, it only accounted for a small percentage of the total 1.4 million computers run by the NHS.

"This equates to 0.16% of the NHS estate," said Doyle-price. "We are supporting NHS organisations to upgrade their existing Microsoft Windows operating systems, allowing them to reduce potential vulnerabilities and increase cyber resilience."

In the wake of the WannaCry ransomware attack on the NHS in 2017, the National Audit Office revealed the NHS had been warned by the Department of Health as early as 2014 about the threat of cyber attacks and that it should migrate from Windows XP by April 2015.

Five years later, the upgrade process still hasn't been completed and after an attack that cost the NHS a reported 92 million, it has led experts calling for better action to be taken.

"Considering the damage done by the WannaCry attack in 2017, it's appalling that the NHS hasn't finished upgrading its systems," said Paul Bischoff, privacy advocate at Comparitech.com. "Even if 2,300 computers is a small fraction of the total, hackers only need a single point of ingress to infect an entire network."

There are other reasons for running old software too."Often we see that companies are running old software that is no longer compatible with the newer operating systems, and therefore have to use older systems for this reason - but this does not make lower the risk of using those systems," said Boris Cipot, senior security engineer at Synopsys.

"For instance, it may have very expensive medical equipment that can only be controlled by software that runs on XP," said security analyst Graham Cluley. "So it's not just a  case of updating a PC, but perhaps spending millions on a new MRI scanner."

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021