The UK government’s decision to end extended support for Windows XP in 2015 has been heavily scrutinised following the recent cyber attack on the NHS. Critics argue that the government’s cost-cutting measure left NHS systems vulnerable. The government counters this claim, stating that it was NHS trusts’ responsibility to manage their IT estates, including migration from outdated systems.
The government had a custom support agreement (CSA) with Microsoft, allowing access to security patches for XP after the tech giant ended general support for the operating system in 2014. This CSA was not renewed due to the cost, leaving individual trusts to negotiate their own agreements. Many did not, leaving them exposed to the WannaCry ransomware attack.
It’s worth noting that the Department of Health had warned NHS trusts in 2014 about the risks of not migrating from XP. Some argue that the trusts lacked the funds to upgrade, but the government insists that over £50m was provided for updating systems.
Despite this, the National Audit Office reports that no NHS trust passed a cyber security inspection in the months prior to the attack. This raises questions about the effectiveness of the government’s strategy in protecting the NHS from cyber threats.
Go to source article: http://www.computerweekly.com/blog/Computer-Weekly-Editors-Blog/UK-government-NHS-and-Windows-XP-support-what-really-happened?platform=hootsuite