Windows XP Use Places 90% of UK Hospitals at Risk of Cyberattack

Hospitals throughout the United Kingdom are still using the outdated, unsupported, and unpatched Windows XP release, even though by doing so they are placing their networks at risk of attack.

A recent study conducted by Citrix shows that 9 out of 10 National Health Service Trusts in the United Kingdom still have Windows XP machines in use. Microsoft has released Vista, Windows 8, and Windows 10 since Windows XP, and support for the XP operating system was stopped more than two years ago, yet hospitals are still using the machines.

Citrix submitted Freedom of Information requests to NHS trusts throughout the United Kingdom. 63 NHS trusts received the requests and 43 responded. While some NHS trusts have already made plans to retire Windows XP machines this year or next year, an alarming 57% of NHS trusts do not currently have any plans to upgrade their operating system. 14% said that they have plans in place to retire Windows XP devices this year and a further 29% said that they were planning to replace or upgrade Windows XP machines in 2017. However, it should be borne in mind that when Citrix requested this information in 2014, ¾ of NHS trusts said that they were planning to stop using Windows XP in 2015. That clearly hasn’t happened.

Unfortunately, many of the devices that are being used in UK hospitals are out of data and are not capable of running more recent Windows versions. Old applications are still used which have been written specifically for Windows XP and will not work on other releases. Upgrading the operating system is therefore not possible unless applications are also updated and new hardware is purchased. However, the failure to upgrade places NHS Trusts at a high risk of experiencing cyberattacks.

Cyberattacks on healthcare organizations have increased considerably in recent years due to the value of healthcare data on the black market. Ransomware is being used to encrypt hospital files to prevent critical medical information from being accessed. Two months ago, an NHS Trusts experienced a ransomware infection which took its systems out of action for days, resulting in operations and appointments being cancelled while IT staff struggled to bring their systems back online.

Flaws in Windows XP can all too easily be exploited by hackers to gain access to healthcare networks to steal data, install malware, or infect networks with ransomware. The cost of resolving those infections or mitigating risk after data breaches is considerable.

The cost of upgrading Windows XP machines may be considerable, but now two years after patches stopped being issued, it really is time to finally retire Windows XP.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of