An alarming number of computers in the Welsh National Health Service (NHS) are running Windows XP.
Is that really an appropriate level of security for computers that could be holding patients’ medical information?
Windows XP, as regular readers of We Live Security will know, was supposed to have breathed its last on April 8th 2014, when Microsoft stopped supporting it.
It’s not as though Windows XP’s death should have come as a shock. Microsoft has been warning of its end-of-support, and the need to upgrade to a safer operating system for years.
Unless you were able to wangle a special support contract with Microsoft (such as the one-year extension that the UK government purchased in the last chance saloon for £5.5 million), there have been no further security updates, no patches, and even those who though they were hanging on by their fingernails with Microsoft Security Essentials anti-virus updates have had those taken away from them.
In short, if you’re still running Windows XP you’re not just taking an enormous risk, you’re being – in my opinion – negligent.
However, that doesn’t mean that all organisations – let alone home users – have taken the sensible route of switching from Windows XP to a later version of Windows, or an alternative such as Linux.
Recent research has discovered, for instance, that 31% of UK local councils are using Windows XP in some fashion, with a grand total of 7% of all council PCs running the antiquated operating system.
And now, Welsh political party Plaid Cymru has released research showing an alarming number of computers in the Welsh National Health Service (NHS) are running Windows XP too.
Understandably, no-one is happy to see Windows XP still being used so widely within NHS Wales.
“These figures show just how much work remains to be done to ensure our NHS is making the best use of technology. Although all the health boards have policies in place for upgrading their computers, the figures show in many health boards the security issues caused by continued use of Windows XP have simply not been taken seriously,” said Plaid Cymru’s health spokeswoman Elin Jones.
More clearly needs to be done to ensure that appropriate security is in place to prevent personal data being held by XP-using organisations is not accidentally or deliberately compromised. Windows XP is not, in my humble opinion, appropriate security.
I am glad to hear that the apparent worst offender in the chart – Aneurin Bevan health board – plans to complete its upgrade of all XP-using computers this year, but seeing as Microsoft has been warning of the end of Windows XP for *so* many years, more should have been done sooner to find the funds and resources to upgrade computers sooner.
After all, wouldn’t you feel a little perturbed if the medical equipment looking after your pregnant wife was still running Windows XP?.
If circumstances outside of your control mean that you are still burdened with the responsibility of attempting to keep Windows XP computer secure, even without official support or patches, make sure to read the advice of ESET expert Aryeh Goretsky on what you can do to reduce the risks.