NHS still running Windows XP on over 2,000 computers despite spate of cyber attacks
The NHS has admitted it is still running Windows XP on over 2000 computers, even though the operating system stopped receiving security updates five years ago.
In a written answer, health minister Jackie Doyle-Price said: “As of July 2019, approximately 2,300 National Health Service computers are using Windows XP from a total of around 1.4 million.
“This equates to 0.16 per cent of the NHS estate. We are supporting NHS organisations to upgrade their existing Microsoft Windows operating systems, allowing them to reduce potential vulnerabilities and increase cyber resilience.”
After the major Wannacry ransomware cyber attack which crippled the health service for several days in 2017, the NHS admitted 4.7 per cent of its computers ran Windows XP.
Last year, the Department of Health and Social Care said it would spend £150m to upgrade all NHS machines to Windows 10 by 14 January 2020. That is when updates for Windows 7 ends.
‘A huge gamble’
Hackerone security engineer Laurie Mercer said: “Any organisation still using Windows XP today is taking a huge gamble with their security and will be putting the data they hold at serious risk.
“That the NHS continues to use unpatched, out of date software is incredibly irresponsible when we consider the sensitive data the NHS holds and the ease with which a malicious attacker could exploit this glaring weakness. Out of date software needs to be updated, upgraded and, if this is not possible, switched off.
“Ordinary people have no choice whether they use the NHS or not so do not have the option of choosing a more secure provider.”
Data security fines
The admission comes hot on the heels of the Information Commissioner’s Office doling out £238m-worth of fines to British Airways and hotel group Marriott International last week.
These were for not taking enough cybersecurity precautions, which led to both firms being subject to cyberattacks.
The two fines, issued in little more than 24 hours, amount to more than three-quarters of the total fines given by the Financial Conduct Authority (FCA) in the whole of the past year. This is despite the fact the FCA has traditionally given far harsher fines than the ICO.
source cityam
Industry: Cyber Security
Latest Jobs
-
- Infrastructure (Network / Security) Engineer | West London commutable | Permanent
- London
- Apply today
-
Infrastructure (Network / Security) Engineer | West London commutable | Permanent This is an in house opportunity. Looking for someone that has on prem / data center experience MUST be a currently hands on config, Install, upgrade, troubleshooting experience Routing, Switching, Network Security (firewall, IDS etc), Microsoft Active Directory / 365. VMWare Scripting / automation experience wanted. Python, Powershell etc Must be commutable to West London twice a week. Visa sponsorship not available. Apply today for more information Book a call via this link https://calendly.com/d/crqf-t28-7tb
-
- Identity & Access Management Architect
- Edinburgh
- Upto £95000 plus bonus and benefits
-
Location: Edinburgh | Hybrid Working | Permanent Are you an experienced Identity & Access Management professional with a passion for designing and implementing cutting-edge security solutions? We are looking for a Lead Architect, where you’ll play a key role in helping clients enhance their IAM capabilities, protect critical data, and navigate complex security challenges. About the Role As a Lead Architect, you will be responsible for shaping and delivering IAM strategies, designing robust security solutions, and driving long-term digital transformation. You’ll leverage your expertise to provide strategic guidance on areas such as: Identity Governance & Administration (IGA) Privileged Access Management (PAM) Access Management (AM) Entitlement Management Directories & Authentication Solutions You will have the opportunity to work with innovative technologies and frameworks, ensuring that businesses can securely manage access to critical assets while enabling growth. What You’ll Be Doing Providing subject matter expertise in IAM and leading transformation projects for clients Developing IAM roadmaps, operating models, and governance frameworks Driving innovation by integrating IAM capabilities into wider digital transformation strategies Building and maintaining strong relationships with clients and stakeholders Designing and implementing scalable IAM solutions to meet business needs What We’re Looking For Proven experience in IAM strategy, solution architecture, or assurance Strong leadership skills with experience guiding technical teams Ability to work in a client-facing role, delivering clear communication and insights A technology-focused, innovative mindset with strong business acumen Willingness to work from our Edinburgh office 2-3 days per week
-
- Security Architect - Cloud - Consultancy London
- London
- N/A
-
Security Architect with a focus into Cloud (AWS, Azure or Google Cloud Platform) needed. You must have client facing consultancy experience. This mean you must have experience working with clients helping them to meet their security design needs. That could include working with existing internal teams to understand, review and mitigate / uplift existing Cloud Security designs, or perhaps helping clients set out / understand their current needs and deliver their cloud security strategy. (Or anything in between) Technical knowledge is of course essential but working with clients to understand and solve their Cloud Security design challenges is vital. You must obviously have a current history working as a cloud security architect. You will need to be commutable to London. Whilst a hybrid role the expectation is 3 days a week in the office / meeting clients. International relocation or Visa sponsorship isn’t available for this role. Apply on this page and arrange a call here https://calendly.com/d/crpz-m7j-wyx