The NHS is putting itself at risk of a cyberattack by failing to update its computers from Windows 7, new research has warned.
A government report has found that about three-quarters of NHS computers are still running Windows 7.
This is despite Windows 7 having less than half a year left before Microsoft ends officially supporting the outdated OS.
The news was discovered in an official response from the Department of Health and Social Care to Jo Platt MP, a shadow cabinet office minister after she posed an official parliamentary query.
“With less than six months before Windows 7 support expires, it is deeply concerning that over a million NHS computers, over three quarters of the total NHS IT estate, are still using this operating system,” Platt said.
Questions have been raised over the cybersecurity capabilities of the NHS since it was ravaged by the WannaCry ransomware attack in May 2017. The NHS was hit with estimated costs of around £92m, with 20,000 appointments needing to be cancelled.
Platt added, “The WannaCry cyber attack two years ago starkly proved the dangers of operating outdated software. Unless the government swiftly acts and learns from their past mistakes they are risking a repeat of WannaCry.”
The reply, from Jackie Doyle-Price, parliamentary under secretary of state for mental health, inequalities and suicide prevention, revealed that 1.05 million NHS computers were still running Windows 7
She noted that the NHS’ migration process to Windows 10 is well underway, stating, “All NHS organisations, with the exception of one which had already upgraded to Windows 10, have signed up to receive Windows 10 licences and Advanced Threat Protection.”
“Deployment of Windows 10 is going well and in line with target to make sure the NHS is operating on supported software when Windows 7 goes out of support in 2020.”
Microsoft is set to remove support for Windows 7 in January 2020, meaning it will no longer provide regular security updates for the software. The company has said it would be prepared to offer customised patching and support packages, but would charge heavily for doing so.