Many of the N.H.S. computers still run Windows XP, an out-of-date software that no longer gets security updates from its maker, Microsoft. A government contract with Microsoft to update the software for the N.H.S. expired two years ago.
“Historically, we’ve known that N.H.S. uses computers running old versions of Windows that Microsoft itself no longer supports and says is a security risk,” said Graham Cluley, a cybersecurity expert in Oxford, England. “And even on the newest computers, they would have needed to apply the patch released in March. Clearly that did not happen, or the malware wouldn’t have spread this fast.”
Several news reports have addressed the outdated systems of the N.H.S. that potentially left confidential patient data vulnerable to attack. Last November, Sky News did an investigation showing that units of the N.H.S., serving more than two million people, spent nothing on cybersecurity in 2015. Jennifer Arcuri, of Hacker House, which worked with Sky on the report, said then: “I would have to say that the security across the board was weak for many factors.”
Source: INTEL TODAY DIARY — May 14 2017