Patient records open to hackers due to NHS Trusts failing to sign up to Windows XP extended support


Kat hall reports in the Register that some NHS trusts have failed to put agreements in place with Microsoft for extended security support for Windows XP.

A majority of NHS trusts still operate Windows XP based machines and have signed up to a Cabinet Office agreement with Microsoft to provide ongoing security upgrades until April 2015; however, 18 trusts have so far failed to sign the agreement.

The article highlights that a total of 1.1 million PCs and laptops are estimated to be running Windows at trusts, GPs and other health groups that comprise the NHS in England.  The security risks from a lack of security support depend on factors such as how many non-upgraded machines are on the networks, the effectiveness of perimeter defences and the availability of suitable exploits for an attacker to use.