NHS cyber security concerns raised about move to Windows 11

Fears have been raised that the NHS could be hit by cyber security issues because organisations are not prepared to migrate to Windows 11.

From 14 October 2025, Microsoft Windows 10 will no longer receive security updates, but outdated hardware may not be able to upgrade to Windows 11.

James Rawlinson, director of health informatics at the Rotherham NHS Foundation Trust, told Digital Health News: “When lockdown happened on 16 March 2020, within 24 hours the NHS was dishing out more laptops than it ever had done.

“At Rotherham – and this was replicated across the country – our mix of desktop PCs to laptops shifted completely.

“Traditionally in the NHS it was about 70% PCs and 30% laptops, but that mix is now more like 80% laptops.

“Laptops don’t last forever – they wear out and become older much faster than desktop computers.

“Those laptops from lockdown are now five years old, which means lots of them need updating.

“For chief information officers across Yorkshire and Humber this is a real problem because the NHS capital budget hasn’t grown to accommodate these things that are five-years-old in the next financial year.

“It’s a tsunami of events – lots of kits that are five years old and need updating plus a major Windows update that needs accommodating, so we’re all scrabbling around working out how to manage with that.

“This could put us at a greater cybersecurity vulnerability as we’ll no longer be able to have patches and security updates for those Windows 10 devices.”

Rawlinson added that there needs to be national capital funding provided for underlying technology infrastructure in healthcare.

Microsoft published a blog post in October 2024 advising about how to prepare for the move to Windows 11.

In the post, Yusuf Mehdhi, executive vice president and consumer chief marketing officer at Microsoft, says: “As security threats evolve and adapt, so must our operating systems and hardware.

“Because of this, we designed Windows 11 to be the most secure version of Windows ever — by default and design — to help you stay ahead of those risks.”

It adds that Microsoft will continue to provide security intelligence updates for Microsoft Defender Antivirus through to at least October 2028 under the paid Extended Security Updates programme.

A spokesperson for NHS England told Digital Health News: “We negotiated a five-year deal with Microsoft that provides all NHS organisations with the latest suite of Microsoft security solutions to ensure that their systems are up to date and secure.

“Local organisations are responsible for managing any necessary upgrades themselves and we are encouraging all organisations to ensure their transition to Windows 11 is complete before Microsoft’s support for Windows 10 comes to an end in October.”

Outdated hardware has long been an issue for the NHS with a report on IT, published by the British Medical Association (BMA) in 2022, finding that more than 13.5 million hours of doctors’ time was being lost each year in England due to delays resulting from ‘inadequate or malfunctioning IT systems and equipment’.

Four in five doctors (80%) who responded to a BMA survey said improving IT infrastructure and digital technology would have a positive impact in tackling backlogs, with 72% saying that they would prioritise updating inefficient hardware.