The National Health Service (NHS) is grappling with significant cybersecurity concerns as it prepares to transition from Windows 10 to Windows 11, a move necessitated by Microsoft’s impending cessation of security updates for the older operating system. Starting October 14, 2025, the tech giant will no longer provide critical security updates for Windows 10, leaving systems that remain on this platform vulnerable to cyber threats. This timeline has put pressure on organizations like the NHS, which relies heavily on a multitude of devices distributed across its extensive network. The urgency of the situation is further compounded by hardware limitations that prevent many devices from upgrading to Windows 11, particularly laptops distributed during the early days of the COVID-19 pandemic.
Shift from Desktop PCs to Laptops
James Rawlinson from Rotherham NHS Foundation Trust highlighted that the NHS’s shift from primarily desktop PCs to laptops during the pandemic has created a looming issue. Following the widespread switch to remote work and digital health services, 80% of NHS devices are now laptops. While this shift was critical for maintaining healthcare delivery under unprecedented circumstances, the resulting technology landscape presents new challenges. Unlike desktop computers, laptops have shorter life spans and faster degradation rates, meaning many units now exceed five years of usage. As these devices age, the need for upgrades becomes increasingly urgent to ensure they meet modern cybersecurity standards. However, the capital necessary for such widespread replacements is not readily available.
The financial aspect adds another layer of complexity to the dilemma. Despite the apparent necessity for investment in new technology, the NHS’s capital budget has not seen commensurate increases to cover the requisite technological updates. This discrepancy highlights the pressing need for national capital funding to support healthcare technology infrastructure adequately. Without an infusion of funds, many devices could become obsolete and remain vulnerable to cyber threats, compromising patient confidentiality and health service continuity.
Need for Updated Security Solutions
Supporting the need for updated security measures, Microsoft has been vocal about the advantages of Windows 11, which is designed to elevate security and stay ahead of evolving threats. Windows 11 incorporates advanced features intended to mitigate the risk of cyberattacks, making it the most secure version ever released by Microsoft. However, leveraging these features requires compatible hardware, posing a significant challenge for the NHS, given its current hardware limitations. An NHS England spokesperson echoed these sentiments, underscoring the importance of maintaining updated systems to fortify defenses against cyber intrusions. While the NHS has negotiated a comprehensive five-year deal with Microsoft to provide the latest security solutions, the responsibility of managing local upgrades and ensuring that systems are compatible with Windows 11 falls upon individual organizations.
Compounding these concerns is a report from the British Medical Association (BMA) in 2022, which brought to light the longstanding issue of outdated information technology within the NHS. The report detailed significant time losses attributable to malfunctioning systems, with many doctors indicating that modernizing IT infrastructure could help alleviate backlogs and enhance overall efficiency. The findings underscore that the problem of outdated technology isn’t new but has become increasingly urgent in the face of growing cybersecurity threats and operational demands.
Financial and Operational Implications
The National Health Service (NHS) is facing major cybersecurity challenges as it readies itself for the transition from Windows 10 to Windows 11. This shift has become urgent due to Microsoft’s plan to stop providing crucial security updates for Windows 10 after October 14, 2025. Once these updates cease, systems still running on Windows 10 will be exposed to significant cyber threats. This situation has increased the pressure on entities like the NHS, which depends on a wide array of devices throughout its vast network. The urgency is heightened by the fact that many of these devices have hardware limitations, making them incompatible with Windows 11. This issue is especially acute with laptops issued during the early phase of the COVID-19 pandemic, which are particularly ill-equipped to handle the new operating system. The NHS must now navigate these challenges to ensure its IT infrastructure remains secure and efficient, amidst an evolving digital landscape and increasing cybersecurity risks.
