Two years ago, the NHS was a victim of a crippling attack by malware which exploited unpatched vulnerabilities in poorly supported legacy PCs. The attack disabled much of the NHS IT systems, leading to many essential healthcare-related services being cancelled and even emergency departments being forced to close, and ommunication having to revert to pen and paper.
It appears that the National Health System’s IT department has learnt little from this lesson- with more than 3/4 of the NHS’s IT systems still on Windows 7, despite only 6 months left before the operating system will exit support.
The news was confirmed by Jackie Doyle-Price, the Parliamentary Undersecretary for the State, who stated in parliamentary questions that 1.05 million NHS PCs were still running Windows 7, despite the migration process to Windows 10 being underway for some time, and licences already being in place to update the OS.
Doyle-Price claimed that the NHS was on track to completing the migration before the January deadline, saying “deployment of Windows 10 is going well and in line with targets to make sure that the NHS is operating on supported software when Windows goes out of support in 2020.”
Given the fact, however, that the majority of PCs are still on the nearly 10-year-old OS, it seems likely that this optimism is misplaced. Doyle-Price declined to confirm whether the NHS had purchased extended support from Microsoft, which would allow the organisation to continue using Windows 7 and receive security updates, though at a considerable cost.
In a frightening portend of what’s to come in January 2020; Doyle Price did, however, confirm that some NHS computers were still running 18-year-old Windows XP- saying that it is not possible to set a time frame for the removal of Windows XP from all NHS machines.