The National Health Service (NHS) has long been plagued by cybersecurity controversies, with one of the most notable incidents being the 2017 WannaCry ransomware attack that crippled its IT infrastructure.
Fast forward to 2020, as the COVID-19 pandemic swept across the globe, the NHS rapidly transitioned its IT operations from desktops to laptops to accommodate a growing remote workforce or the much discussed work from home culture.
However, this shift, intended to protect staff while ensuring operational continuity, hasn’t been without its challenges—especially as the organization grapples with a new set of concerns surrounding data privacy, security, and technology upgrades.
In particular, the NHS is now caught in a dilemma regarding the transition to Windows 11. Microsoft has announced that, starting in October 2025, it will no longer send security updates to devices running Windows 10, leaving these systems vulnerable to cyberattacks. While the solution might seem straightforward—upgrade to Windows 11—the reality is far more complicated for the NHS.
Many of the laptops used within the organization, purchased under a five-year contract with Microsoft, lack the necessary hardware to support Windows 11. This presents a significant challenge, as the only options available are to either extend the warranty on Windows 10 devices or replace them with new equipment—both of which would require additional funding, a concern given the already strained NHS IT budget.
Adding to the urgency of the situation is the ongoing issue of legacy IT systems, which have long been a headache for the NHS. A 2022 report from the British Medical Association highlighted that over 13.5 million hours of doctors’ time are lost each year due to malfunctioning or outdated technology.
As the NHS looks toward the end of this year, it faces a critical juncture. On one hand, it must secure its systems against increasing cybersecurity threats, and on the other, it must address the technological shortcomings that hinder its operations. Balancing these priorities will require swift action and significant investment if the NHS is to protect its staff, patients, and vital services in the years ahead.
