NHS systems still reliant on Windows XP

Government minister downplays significance of venerable OS' continued use

NHS Trust building

Over 2,000 NHS systems are still running on Windows XP five years after it stopped receiving security updates.

It's the latest hammer blow to the NHS' reputation for being well behind the curve in terms of keeping its IT systems up-to-date and secure.

The figures were slammed by shadow Cabinet Office minister Jo Platt after they were revealed by Jackie Doyle-Price, parliamentary under secretary of state at the Department of Health.

"The government is seriously lacking the leadership, strategy and co-ordination we need across the public sector to keep us and our data safe and secure," said Platt. "How many more warnings will it take before they listen and take action?

Advertisement
Advertisement - Article continues below

"The next Labour government will provide not only the resourcing but also the vital leadership, organisation and dedication needed to get our public sector fit and resilient to fight the cyber-threats of the 21st century," she added.

It's not the first set of figures that illustrate an apparent disregard for cyber security in some parts of the National Health Service. In December 2018, a response to an FOI request revealed some NHS Trusts spend as little as 250 on cyber security.

Results of a different FOI request a year later revealed one NHS Trust in Cumbria was the victim of an "extraordinary" number of cyber attacks and had spent 29,600 in 2017 alone to remedy the effects.

Doyle-Price was quick to dispel Platt's criticism, claiming that although the number of legacy systems was in the thousands, it only accounted for a small percentage of the total 1.4 million computers run by the NHS.

"This equates to 0.16% of the NHS estate," said Doyle-price. "We are supporting NHS organisations to upgrade their existing Microsoft Windows operating systems, allowing them to reduce potential vulnerabilities and increase cyber resilience."

In the wake of the WannaCry ransomware attack on the NHS in 2017, the National Audit Office revealed the NHS had been warned by the Department of Health as early as 2014 about the threat of cyber attacks and that it should migrate from Windows XP by April 2015.

Five years later, the upgrade process still hasn't been completed and after an attack that cost the NHS a reported 92 million, it has led experts calling for better action to be taken.

"Considering the damage done by the WannaCry attack in 2017, it's appalling that the NHS hasn't finished upgrading its systems," said Paul Bischoff, privacy advocate at Comparitech.com. "Even if 2,300 computers is a small fraction of the total, hackers only need a single point of ingress to infect an entire network."

There are other reasons for running old software too."Often we see that companies are running old software that is no longer compatible with the newer operating systems, and therefore have to use older systems for this reason - but this does not make lower the risk of using those systems," said Boris Cipot, senior security engineer at Synopsys.

"For instance, it may have very expensive medical equipment that can only be controlled by software that runs on XP," said security analyst Graham Cluley. "So it's not just a  case of updating a PC, but perhaps spending millions on a new MRI scanner."

Featured Resources

The essential guide to cloud-based backup and disaster recovery

Support business continuity by building a holistic emergency plan

Download now

Trends in modern data protection

A comprehensive view of the data protection landscape

Download now

How do vulnerabilities get into software?

90% of security incidents result from exploits against defects in software

Download now

Delivering the future of work - now

The CIO’s guide to building the unified digital workspace for today’s hybrid and multi-cloud strategies.

Download now
Advertisement

Recommended

Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/cloud/microsoft-azure/354230/microsoft-not-amazon-is-going-to-win-the-cloud-wars
Microsoft Azure

Microsoft, not Amazon, is going to win the cloud wars

30 Nov 2019
Visit/cloud/amazon-web-services-aws/354223/what-to-expect-from-aws-reinvent-2019
Amazon Web Services (AWS)

What to expect from AWS Re:Invent 2019

29 Nov 2019
Visit/hardware/354232/raspberry-pi-4-owners-complain-of-broken-wi-fi-when-using-hdmi
Hardware

Raspberry Pi 4 owners complain of broken Wi-Fi when using HDMI

29 Nov 2019
Visit/mobile/google-android/354189/samsung-galaxy-a90-5g-review-simply-the-best-value-5g-phone
Google Android

Samsung Galaxy A90 5G review: Simply the best value 5G phone

22 Nov 2019