NHS cyber security concerns raised about move to Windows 11
- 6 March 2025

- Fears have been raised that the NHS could be hit by cyber security issues because organisations are not prepared to migrate to Windows 11
- From 14 October 2025, Microsoft Windows 10 will no longer receive security updates, but outdated hardware may not be able to upgrade to Windows 10
- The problem has been caused by a shift from working on PCs to laptops during the Covid-19 lockdown in March 2020
Fears have been raised that the NHS could be hit by cyber security issues because organisations are not prepared to migrate to Windows 11.
From 14 October 2025, Microsoft Windows 10 will no longer receive security updates, but outdated hardware may not be able to upgrade to Windows 11.
James Rawlinson, director of health informatics at the Rotherham NHS Foundation Trust, told Digital Health News: āWhen lockdown happened on 16 March 2020, within 24 hours the NHS was dishing out more laptops than it ever had done.
āAt Rotherham – and this was replicated across the country – our mix of desktop PCs to laptops shifted completely.
āTraditionally in the NHS it was about 70% PCs and 30% laptops, but that mix is now more like 80% laptops.
āLaptops donāt last forever ā they wear out and become older much faster than desktop computers.
āThose laptops from lockdown are now five years old, which means lots of them need updating.
āFor chief information officers across Yorkshire and Humber this is a real problem because the NHS capital budget hasnāt grown to accommodate these things that are five-years-old in the next financial year.
āItās a tsunami of events ā lots of kits that are five years old and need updating plus a major Windows update that needs accommodating, so weāre all scrabbling around working out how to manage with that.
āThis could put us at a greater cybersecurity vulnerability as weāll no longer be able to have patches and security updates for those Windows 10 devices.ā
Rawlinson added that there needs to be national capital funding provided for underlying technology infrastructure in healthcare.
Microsoft published a blog post in October 2024 advising about how to prepare for the move to Windows 11.
In the post, Yusuf Mehdhi, executive vice president and consumer chief marketing officer at Microsoft, says: āAs security threats evolve and adapt, so must our operating systems and hardware.
āBecause of this, we designed Windows 11 to be the most secure version of Windows ever ā by default and design ā to help you stay ahead of those risks.ā
It adds that Microsoft will continue to provide security intelligence updates for Microsoft Defender Antivirus through to at least October 2028 under the paid Extended Security Updates programme.
A spokesperson for NHS England told Digital Health News: āWe negotiated a five-year deal with Microsoft that provides all NHS organisations with the latest suite of Microsoft security solutions to ensure that their systems are up to date and secure.
āLocal organisations are responsible for managing any necessary upgrades themselves and we are encouraging all organisations to ensure their transition to Windows 11 is complete before Microsoftās support for Windows 10 comes to an end in October.ā
Outdated hardware has long been an issue for the NHS with a report on IT, published by the British Medical Association (BMA) in 2022, finding that more than 13.5 million hours of doctorsā time was being lost each year in England due to delays resulting from āinadequate or malfunctioning IT systems and equipmentā.
Four in five doctors (80%) who responded to a BMA survey said improving IT infrastructure and digital technology would have a positive impact in tackling backlogs, with 72% saying that they would prioritise updating inefficient hardware.