Two years after the WannaCry ransomware outbreak shone a light on the computer security of the UK’s National Health Service, and five years after Microsoft said it would no longer release patches for Windows XP, the NHS still has 2,300 PCs running the outdated operating system.

The worrying statistic came to light in the response to a parliamentary question asked by shadow minister Jo Platt MP.

Parliamentary question

The fact that 2,300 NHS computers are still running Windows XP is, obviously, not great news.

The NHS can ill afford to suffer another attack like WannaCry, which an investigation found affected 34% of NHS trusts in England, causing 19,000 appointments to be cancelled, and significant costs related to IT support and data recovery.

Windows XP may not have contributed much to the NHS’s WannaCry woe, but it did underline the sorry state of the organisation’s IT infrastructure, which had historically not received as much funding as it deserved.

With the ransomware outbreak dominating British headlines and living long in the public’s memories, the UK government was keen to be seen as taking action to support the NHS and protect patient data, and in April 2018 a £150 million plan was announced to upgrade all NHS systems to Windows 10 “over the next three years.”

Quite frankly, if it does take the NHS until April 2021 to migrate all of its PCs to a modern operating system, it’s far from ideal, as Microsoft will have dropped support for Windows 7 long before, in mid-January 2020.

In short, it sounds as if time is quickly running out.

I’m sure there’s not a single person who works at the NHS on IT security who feels that the situation is perfect, but the truth is that the resources have simply not been there to successfully eradicate XP