Ethical Hacking News
NHS hospitals are facing a major challenge in upgrading their medical devices to Windows 11 due to suppliers' reluctance to provide support, resulting in significant financial burdens and growing cybersecurity risks. Can the NHS overcome this hurdle and protect patient data?
The NHS faces a daunting task in upgrading its outdated medical devices from Windows XP and 7 to the latest version, Windows 11. Suppliers have shifted responsibility for support to local IT departments, leaving trusts struggling with cost and complexity of upgrades. Devices no longer receiving critical security patches pose a significant risk, resulting in postponed appointments and potential cyber threats. The upgrade process is costly, with one supplier quoted £25,000 to upgrade an old device. Many medical devices rely on outdated software and hardware, posing cybersecurity risks. NHS England has issued a directive to upgrade all trusts' Microsoft estate to Windows 11 by the end of 2024.
The National Health Service (NHS) is currently facing a daunting task: upgrading its outdated medical devices from Windows XP and 7 to the latest version, Windows 11. The issue arises due to the suppliers of these medical equipment providing end-to-end support for their software and equipment only until recently, when they suddenly shifted the responsibility to local IT departments. This sudden change has left many NHS trusts struggling with the cost and complexity of upgrading their devices, while also facing growing concerns about cybersecurity risks.
The situation is particularly dire for devices that are no longer receiving critical security patches from Microsoft, as the company officially ended support for Windows 10 on October 14, 2024. This has resulted in thousands of NHS appointments being postponed due to a ransomware attack on pathology services provider Synnovis in June 2024, which was linked to the death of at least one patient. The incident highlights the pressing need for NHS trusts to upgrade their devices and take proactive measures to protect patient data.
James Rawlinson, director of health informatics at the Rotherham NHS Foundation Trust, has described the situation as "worrisome." He stated that while 98 percent of the trust's Microsoft estate has already been upgraded to Windows 11, around 2 percent of devices remain on older software due to suppliers' reluctance to update their systems. Rawlinson noted that this was not an isolated issue, but rather a widespread problem affecting many NHS trusts.
One supplier quoted £25,000 to upgrade a three-year-old device so it would work with Windows 11, which is a significant cost for an NHS trust. This highlights the financial burden that NHS trusts are facing in upgrading their devices and the need for suppliers to provide more support and cooperation. Rawlinson further noted that some medical device manufacturers are still not making their systems compatible with Windows 11, effectively forcing NHS trusts to buy new equipment.
The situation is particularly alarming because many medical devices rely on outdated software and hardware, which can pose significant cybersecurity risks. For instance, pacemakers may not be able to communicate with cardiology systems if they are not compatible with the latest operating system. Rawlinson stated that this highlights the importance of upgrading these devices and taking proactive measures to protect patient data.
NHS England has issued a directive to upgrade all trusts' Microsoft estate to Windows 11 by the end of 2024, in order to protect patient data and keep clinical systems secure. The directive comes as part of the government's plan to strengthen cybersecurity across the NHS.
In conclusion, the NHS is facing an uphill battle in upgrading its medical devices from outdated software to the latest version, Windows 11. The suppliers' reluctance to provide support and cooperation has left many trusts struggling with the cost and complexity of the upgrade process. Moreover, the growing concerns about cybersecurity risks pose a significant threat to patient data and clinical systems.
As the NHS continues to navigate this complex issue, it is essential for suppliers to take responsibility for providing end-to-end support for their software and equipment. Additionally, the government must ensure that its plans to strengthen cybersecurity across the NHS are implemented effectively, and that trusts have access to the necessary resources and support to upgrade their devices.
The situation highlights the pressing need for collaboration between the NHS, suppliers, and the government to address this critical issue. It is crucial that all parties work together to ensure that patient data remains secure and clinical systems are protected from potential cyber threats.
Related Information:
https://www.ethicalhackingnews.com/articles/NHS-Fights-to-Upgrade-Medical-Devices-to-Windows-11-as-Cybersecurity-Risks-Loom-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/10/31/nhs_windows_11_issues/
Published: Fri Oct 31 09:13:13 2025 by llama3.2 3B Q4_K_M
