NHS trust’s ‘end-of-life’ network infrastructure risks clinical systems

End-of-life network infrastructure at Dartford and Gravesham NHS Trust (DGT) is putting the ability to use clinical digital systems at risk, according to a board report. 

A risk register in trust board paper, published on 3 April 2025, says that the network infrastructure, which consists of various Cisco switches and an extreme wireless local area network (LAN) setup is more than five years old and has “become obsolete, lacking vendor support”.

“This increases the risk of failure, the absence of security patches, and no vendor support,” it says.

The most six critical switches (core and distribution layer) and 73 edge switches (end user switches) are going to end of life on 31 October 2025 and eight ports on one of the core switches are already dead.

A spokesperson for Dartford and Gravesham NHS Trust told Digital Health News: “The trust acknowledges that certain legacy IT systems and end-of-life network infrastructure present challenges.

“While there is no immediate evidence suggesting these issues have directly compromised patient safety, we recognise the potential risks associated with outdated technology.

“The legacy issues impact a few critical platforms, including electronic patient records (EPR), electronic prescribing and medicines administration (EPMA) and clinical decision support systems.

“We have initiated a comprehensive digital transformation programme, including infrastructure upgrades, cybersecurity enhancements and staff training to ensure our workforce is equipped to utilise new technologies effectively.

“We will always ensure patient safety remains our utmost priority, and we are actively working to mitigate any risks.”

To modernise and align with technological advancements, the board paper says the trust proposes “a comprehensive upgrade to the Cisco Catalyst 9k switches along with implementing the Cisco Catalyst 9k wireless LAN controller and access points” by the end of 2025.

The paper adds: “Failure of some items that can no longer be replaced would be catastrophic as the whole trust would be affected.

“However, failure of other items which are replaceable would be less significant.

“This risk [is] to be retained as the higher of the two, [with a] new risk to be created for the less-significant aspects.”

Julius Christmas, non-executive director at Dartford and Gravesham, confirmed at the board meeting that he had visited the trust’s IT team and discovered “legacy issues”.

“I came away aware that, despite best endeavours, the IT team are dealing with several legacy issues with limited capacity and single points of failure in terms of skills.

“These legacy issues include critical platforms, which could have significant impact if not addressed and should be reflected on the risk register,” he said.

The need to replace end-of-life and legacy systems is an ongoing issue for the NHS, which can lead to difficulties in upgrading software.

Fears have been raised that the NHS could be hit by cyber security issues in October 2025 when Windows 10 will no longer receive security updates, because outdated hardware means that organisations are not able to migrate to Microsoft Windows 11.