The Register

NHS left with sick PCs as suppliers resist Windows 11 treatment

NHS hospitals are being blocked from fully upgrading to Windows 11 by a small number of suppliers that have yet to make their medical devices compatible with Microsoft’s latest operating system.

Digital Health News reported this week that one supplier quoted the Rotherham NHS Foundation Trust £25,000 to upgrade a three-year-old device so it would work with Windows 11, which rolled out in 2021.

James Rawlinson, the trust’s director of health informatics, said that while 98 percent of its Microsoft estate has already been upgraded, around 2 percent of devices remain on older software because suppliers have not yet updated their systems to support Windows 11.

“We have some examples where we bought clinical and medical equipment and the manufacturer now says we have to buy it brand new even though it’s only three years old,” Rawlinson said.

Microsoft officially ended support for Windows 10 on October 14, meaning any devices still running the operating system will no longer receive critical security patches – including those used in medical settings.

While Redmond offers a paid Extended Security Updates (ESU) program for organizations and users unable to move off Windows 10, the directive from NHS England is to upgrade to Windows 11 to protect patient data and keep clinical systems secure.

Rawlinson said the trust had quarantined outdated devices to minimize cyber risk while it attempted to negotiate solutions with suppliers, calling the issue “worrisome.”

“Historically these medical equipment suppliers have provided end-to-end support for their software and equipment, but then suddenly say ‘It’s nothing to do with us, it’s up to your local IT to look after it, but don’t worry, you can buy extended support from Microsoft.’ It just stinks,” he said.

In addition to the cybersecurity risks posed, Rawlinson noted that taking outdated systems offline could also impact care – for example, by preventing pacemakers from communicating with cardiology systems. “You just hope and pray that nothing untoward happens,” he said.

A ransomware attack on pathology services provider Synnovis in June 2024 resulted in thousands of NHS appointments being postponed and was linked to the death of at least one patient.

It was the NHS’s sluggish response to replacing outdated Windows XP and 7 systems that left it exposed to the devastating WannaCry attack of 2017, which brought the healthcare system to its knees and left the Department of Health and Social Care footing a £92 million bill.

El Reg has contacted NHS England to determine what proportion of the NHS estate remains on Windows 10 and to understand whether other trusts face similar issues with outdated devices. ®
