The overwhelming majority of NHS hospital trusts in England are continuing to use Microsoft’s unsupported Windows XP operating system, putting patients and their organizations at risk. According to new research conducted by software company Citrix, nine out of ten NHS trusts questioned confirmed they still have PCs running the outdated software. Citrix issued Freedom of Information (FoI) requests to 63 NHS trusts in October, with 42 responding. Of the respondents, half (24) said they were unsure as to when they will migrate to a newer system. Meanwhile, 14 percent claimed they would be upgrading by the end of the year, and 29 percent said they would make the move some time in 2017. Introduced in 2001, Windows XP has stopped receiving security updates from Microsoft since April of last year, leaving many systems vulnerable to threats. Although, in some cases, the percentage of overall Windows XP-operated devices was small, experts argue the risk of running the unsupported software could be significant. As Citrix explained: “Whilst many authorities now only use a small number of devices that run Windows XP, the transition to a newer operating system needs to happen as a matter of urgency.”
“With the health sector accounting for the most data security breaches across all public sector departments, it is critical that up-to-date and secure software is in place to safeguard patient data against cyber-attackers,” said Citrix.
Tim Erlin, senior director of IT security and risk strategy at Tripwire, adds: “Organizations that continue to rely on Windows XP today are well past the stage where ‘planning a transition’ is an acceptable response. Significant mitigation actions need to be taken if XP simply can’t be replaced.”
