Besides hundreds of thousands of innocent Brits, one of the biggest victims of the cyber attack on the NHS has been Microsoft’s Windows, with the OS being constantly named on the television as being vulnerable and compromised.
This is, however, akin to driving on bald tyres and declining to replace them when told your vehicle is at risk, and then blaming the car company when you finally do crash.
It has now been revealed that the government had knowingly failed to renew an extended support contract for Windows XP in 2015, saying “We expect most remaining government devices using Windows XP will be able to mitigate any risks, using the CESG guidance.”
The extended support contract cost £5.5 million a year and was only necessary because the government was not keeping their IT systems up to date in the first instance.
An April 2014 letter from the Cabinet Office and Department of Health to healthcare chiefs warned: “It is imperative your organisation understands the risk placed on it should the decision be not to take out a [new Microsoft deal]. Integral is considering your… migration roadmap from XP and identify risk exposure and timeframes.”
Government Digital Service said at the time: “All departments have had seven years’ warning of the 2014 end of normal support and this one-year agreement was put together… to give everyone a chance to get off XP.”
It now is very apparent that forewarned is clearly not forearmed, and one wonders if any heads will roll in these slow-moving organisations who clearly do not understand the crucial role IT plays in ensuring their ability to render their services.
Microsoft has in the mean time responded by releasing security updates for XP, Windows 8 and Windows Server 2003, but with Windows 7, the world’s largest desktop operating, going out of support in only 2.5 years, we hope these companies have learned their lesson and migrate before it’s too late.