Security experts have warned that patient data is at risk after it was revealed that 90% of NHS Trusts in England are still running the unsupported Windows XP operating system. A Freedom of Information Act request from Citrix also found that just over half are not sure when they’ll upgrade to a newer system, while 14% think they’ll do so by the end of the year and 29% said the migration would happen some time in 2017. Unless these systems are being protected by virtual patching, they’ll be far more exposed to the threat of attack as Microsoft stopped issuing security updates for government PCs in April 2015. Many healthcare organizations have single purpose devices that don’t require network connection for their main purpose.
Windows XP operating system is a legacy system in my mind, support for Windows XP was ended on April 8, 2014. According to Microsoft, there will be no more security updates or technical support for the Windows XP operating system after this date. So Windows XP is very easy to be hacked today. But a lot of healthcare organizations didn’t update the systems yet. All the patients’ information remain risky before they update their operating system.
http://www.infosecurity-magazine.com/news/nine-in-ten-nhs-trusts-still-on/