| 6.4°C Dublin

Wide open HSE still running obsolete Windows 7 on nearly 30,000 computers six months after hack

The out-of-date PCs have been branded as "potentially vulnerable" by IT security experts


Stock photo

Stock photo

Stock photo

The HSE is still running obsolete Windows 7 on nearly 30,000 computers, six months after it was hit by a devastating cyber attack.

The out-of-date PCs have been branded as "potentially vulnerable" by IT security experts.

However, HSE bosses insisted the computers are gradually being swapped for more modern machines.

They also said the PCs are protected as part of a special security arrangement with Microsoft.

Despite the assurances, cyber security experts said using Windows 7 is a problem.

"There's a higher risk of getting compromised with Windows 7 than using a modern operating system like Windows 10," said Brian Honan, CEO of cyber security firm BH Consulting.

An Oireachtas Committee will today demand answers on what has been done to improve cyber security since the HSE's entire IT system was compromised, causing €100m in costs and immeasurable health damage.

They will also ask communications minister of state Ossian Smyth why no permanent CEO has yet been appointed to the National Cyber Security Centre, more than a year after the job was first advertised.

Mr Smyth is likely to be asked by the committee why so many HSE computers are still using an operating system that even Microsoft itself now brands as obsolete.

"The kindest way you could describe it is sub-optimal," said Conor Flynn, CEO of IT security firm Isas. "Older machines like that can also have other problems, apart from their operating systems."

Windows 7 computers do not get as many security updates as newer machines, even with extended warranties.

Sunday World Newsletter

Sign up for the latest news and updates

This field is required This field is required

In the US, the FBI recently warned that continued use of Windows 7 can contribute to a greater risk of being hacked.

Earlier this year, a cyber breach of a water plant in Florida was blamed on a combination of poor password security and "outdated" Windows 7 systems.

An HSE spokesperson told the Herald that 29,892 Windows 7 computers are still in operation across the health service, of which 12,000 "cannot be replaced or upgraded at this time" because they are associated with specialist machines such as X-ray or laboratory devices.

Of the remaining 17,892 Windows 7 machines, 11,563 are currently "subject to a Windows 10 refresh programme", the spokesperson said.

Separately, a spokesperson for the Department of Public Expenditure confirmed that of 4,000 computers used by government bodies, including the Department of Finance and Department of Children and Youth Affairs, only 10 still use Windows 7.

However, there are no current figures available for larger government bodies, such as the Department of Employment and Social Affairs, which had 11,000 PCs still using Windows 7 at the start of 2020.

Windows 7 stopped receiving security support in January 2020. Microsoft warned government departments of the cut-off date as early as 2015.

IT services companies advise that it can take years for large organisations to switch computer operating systems.

Download the Sunday World app

Now download the free app for all the latest Sunday World News, Crime, Irish Showbiz and Sport. Available on Apple and Android devices