| 19.5°C Dublin

HSE still has 30,000 computers running Windows 7 six months after devastating cyber attack


Stock image

Stock image

Stock image

The HSE is still running obsolete Windows 7 on nearly 30,000 computers, six months after it was hit by a devastating cyber attack.

The out-of-date PCs have been branded as “potentially vulnerable” by IT security experts.

However, HSE bosses insisted the computers are gradually being swapped for more modern machines.

They also said the PCs are protected as part of a special security arrangement with Microsoft.

Despite the assurances, cyber security experts said using Windows 7 is a problem.

“There’s a higher risk of getting compromised with Windows 7 than using a modern operating system like Windows 10,” said Brian Honan, CEO of cyber security firm BH Consulting.

An Oireachtas Committee will today demand answers on what has been done to improve cyber security since the HSE’s entire IT system was compromised, causing €100m in costs and immeasurable health damage around the country.

They will also ask communications minister of state Ossian Smyth why no permanent CEO has yet been appointed to the National Cyber Security Centre, more than a year after the job was first advertised.

Mr Smyth is likely to be asked by the committee why so many HSE computers are still using an out-of-date operating system that even Microsoft itself now brands as obsolete.

“The kindest way you could describe it is sub-optimal,” said Conor Flynn, CEO of IT security firm Isas.

“Older machines like that can also have other problems, apart from their operating systems.”

Windows 7 computers do not get as many security updates as newer machines, even with extended warranties.

Daily Digest Newsletter

Get ahead of the day with the morning headlines at 7.30am and Fionnán Sheahan's exclusive take on the day's news every afternoon, with our free daily newsletter.

This field is required

In the US, the FBI recently warned that continued use of Windows 7 can contribute to a greater risk of being hacked.

Earlier this year, a cyber breach of a water plant in Florida was blamed on a combination of poor password security and “outdated” Windows 7 systems.

An HSE spokesperson told the Irish Independent that 29,892 Windows 7 computers are still in operation across the health service, of which 12,000 “cannot be replaced or upgraded at this time” because they are associated with specialist machines such as X-ray or laboratory devices.

Of the remaining 17,892 Windows 7 machines, 11,563 are currently “subject to a Windows 10 refresh programme”, the spokesperson said.

Separately, a spokesperson for the Department of Public Expenditure confirmed that of 4,000 computers used by government bodies, including the Department of Finance and Department of Children and Youth Affairs, only 10 still use Windows 7.

However, there are no current figures available for larger government bodies, such as the Department of Employment and Social Affairs, which had 11,000 PCs still using Windows 7 at the start of 2020.

Windows 7 stopped receiving security support in January 2020. Microsoft had previously warned government departments of the cut-off date as early as 2015.

IT services companies advise that it can take years for large organisations to switch computer operating systems.

Related topics

Most Watched