The NHS still has over 2,000 machines running Windows XP, the government had revealed, despite official support for the operating system running out in 2014.
The figures came in response to a parliamentary written question tabled by Jo Platt, the shadow Cabinet Office minister.
Parliamentary under secretary of state at the Department of Health, Jackie Doyle-Price, replied that the health service was running around 2300 XP computers as of July this year.
Platt criticized the figures as an indictment of the government’s failure to prioritize cybersecurity.
“The government is seriously lacking the leadership, strategy and co-ordination we need across the public sector to keep us and our data safe and secure. How many more warnings will it take before they listen and take action?” she said.
“The next Labour government will provide not only the resourcing but also the vital leadership, organization and dedication needed to get our public sector fit and resilient to fight the cyber-threats of the 21st century.”
The NHS was famously caught out by the WannaCry ransomware worm of 2017, which affected around a third of trusts and led to the cancellation of an estimated 19,000 operations and appointments.
Despite repeated warnings, and patches being made available by Microsoft, even for XP, systems were not updated quickly enough, leading to the ensuing chaos which is said to have cost the NHS around £92m to clean-up.
However, the government has been taking steps to address the problems, with a £150m cash injection announced last year said to be for Windows 10 upgrades, along with other measures.
Doyle-Price was also keen to put the 2300 figure in context: the NHS runs a total of around 1.4 million computers.
“This equates to 0.16% of the NHS estate,” she said. “We are supporting NHS organizations to upgrade their existing Microsoft Windows operating systems, allowing them to reduce potential vulnerabilities and increase cyber resilience.”
A report from Centrify last week revealed that the NHS has successfully repelled over 11.3 million email-based cyber-attacks over the past three years.