In 2015 the UK Government declined to renew their extended support contract for the very obsolete Windows XP, saying “We expect most remaining government devices using Windows XP will be able to mitigate any risks, using the CESG guidance.”
Two years later WannaCry ripped through the NHS, disabling computer networks in 20% of NHS trusts and sowing chaos which will affect patient care for months to come.
It seems that the UK Government has learned their lesson, and has now signed a new support deal with Microsoft which will cover all NHS organisations in the UK with the contract running until June 2018. The deal is part of NHS Digital’s cybersecurity efforts and will include providing patches and updates for all existing Windows devices including those running Windows XP, Windows Server 2003 and SQL 2005.
Besides patches, Microsoft will be providing a centralised, managed and coordinated framework for the detection of malicious cyber activity through its enterprise threat detection software, aiming to reduce the likelihood and impact of security breaches or malware infection across the NHS.
The NHS will also continue work at removing Windows XP from their systems, which is currently present in 4.7% of NHS trusts, down from 18% eighteen months ago.
Hopefully, the government will make an equally concerted effort to upgrade the rest of their network also, as Windows 7 exited regular support in 2015 already, and extended support itself ending less than 30 months from now.