back to article 90 per cent of the UK's NHS is STILL relying on Windows XP

The NHS is still running Windows XP en masse, two and a half years after Microsoft stopped delivering bug fixes and security updates. Nearly all of England NHS trusts – 90 per cent – continue to rely on PCs installed with Microsoft’s 15-year-old desktop operating system. Just over half are still unsure as to when they will …

Anonymous Coward

Re: Amortisation, anyone?

"Someone selling you kit and agreeing to share the design and all source code, with an agreement that says you can use that information either if the vendor disappears or if you think the vendor's support offering is too pricey, will immediately have an expected lifetime of N-times longer than the schmuck who sells a closed system. That makes it N-times cheaper than the (closed) competition."

Not if the vendor raises the price tag too high or just refuses on the grounds of trade secrets. They probably don't trust you, and nor will any other vendor since they have trade secrets of their own to protect. Programs are closed for a reason. If NO vendor offers an open source but you NEED the new equipment due to an immediate need to replace (which is how it tends to go), what option do you have left? You've just pushed the demand curve beyond the supply curve, meaning they don't intersect, meaning an unsatisfiable market.

Also, another problem is that the software can be obsoleted without warning because the software industry moves so fast. Did anyone predict at the time of Windows XP that we'd be at Windows 10 now? Probably not. It's not the king of thing that's easy to predict.

1
0
Anonymous Coward

Move On Folks, Nothing Of Surprise To See Here

As someone who used to work in a permanent role in NHS IT until made redundant, I can tell people reading this that the trusts in question simply don't have the resources to do anything about it. IT support in the NHS is a daily reactionary process, fire-fighting, if they manage even that. In most trusts it is regarded as a necessary evil, an unwelcome financial overhead, in terms of hardware, software and staff support. If they are still running XP it means the PCs in question are probably incapable of running any other version of Windows and don't have the staff resources or the financial means to outsource upgrading as a project anyway. In the county I worked in, only one Trust out of the four had a rolling replacement programme. Of the other three, only a number of months ago I learnt that one of the teaching hospitals was still running XP, even though they had outsourced IT support to the IT services arm of a really world-famous IT company. Apparently the expectation was that support would be cheaper and better than a continued in-house operation, but if they actually saved any money none of it was re-invested. This was a hospital that once applied for Foundation Hospital status.

2
0

When cheap disposable PCs / tablets can be had for little more than £100 it would make sense to let local trusts buy their own PCs strictly for internet access while all internal systems run on separate hardware which never touches the internet so doesn't have to be continually upgraded.

1
0
Silver badge

Except you never know when someone makes an effort to BRIDGE the devices, perhaps by a MAC-spoofed mole. Remember, not even Sneakernets and airgaps are immune.

0
2

Decent People

How about instead of trying to pay naff money for naff tech people, they pay decent money for decent tech people... that way they don't have to keep binning billion pound projects, because they've not even come close to accomplishing the task at hand...

A database which is accessible and easy, ... pay experts e.g. facebook, pay experts on what makes things easier e.g. the doctors they already have and not "experts" which haven't worked a day in a hospital e.g. health care ministers.

1
0
Thumb Up

Re: Decent People

How about instead of trying to pay naff money for naff tech people, they pay decent money for decent tech people.

Excellent idea, unfortunately the NHS and in fact all public bodies have gone the opposite way. Just look at the BBC and the furore about paying talent their worth.

In the NHS for example, Monitor has halved agency fees to the point where agency resources now get the same pay as permanent staff. Whilst you can argue the merits of utilizing agency staff all day long, halving pay means you are not going to get the same calibre of short-term staff to fill gaps. Why would any agency worker worth his/her salt, who doesn't get sick-pay, holiday pay, final salary pension etc. etc. work for the same pay as a permanent member of staff who gets all these benefits? They are asking the flexible, usually highly motivated and well trained agency worker to take all the risk for none of the benefits.

This becomes a false economy because a lower calibre of staff means work gets done either badly or slower, or both.

And with Brexit, this is going to create a perfect storm where agency staff are not willing to work for a pittance and they can't 'import' resources without significant barriers of immigration limits and visa requirements.

1
0
Anonymous Coward

Re: Decent People

"They are asking the flexible, usually highly motivated and well trained agency worker"

Hahahahaha. Hahahahaha. Hahaaaha. With the exception of one individual the agency staff I have worked with in the NHS over the years have been useless over paid wastes of space.

1
3

Re: Decent People

You've met nurses and clinicians who don't know what they are doing? Then they should be struck off.

0
0
Anonymous Coward

Re: Decent People

"They are asking the flexible, usually highly motivated and well trained agency worker"

Hahahahaha. Hahahahaha. Hahaaaha. With the exception of one individual the agency staff I have worked with in the NHS over the years have been useless over paid wastes of space.

Unlike the demotivated, untrained, mostly useless permanent IT staff I've worked with in a dozen NHS Trusts then.

1
0
Silver badge

You have GOT to be kidding

Is this report authentic? Oh sweet pogo chocolate Jesus, WTF?

0
2
Silver badge

Re: You have GOT to be kidding

Is this report authentic? Oh sweet pogo chocolate Jesus, WTF?"

No, it's click-bait.

0
0
x 7
Silver badge

I'll try to put this into context

I've just completed a crash migration of around 500 XP machines on a hospital site (they were the remaining few from around 4000). Of that 500 around 60 could not be upgraded for various reasons of compatibility. Almost every machine had a different issue, some examples of what were found as incompatible:

Switchboard software

Security camera controlling software

Power / light management

Temperature control sensor suite in catering, and in pharmacy

Engineering stock control

Medicine-specific labeling software

Security badge printing

X-ray viewing equipment

Various medical scanning / imaging gear

Car park barrier management (and payments)

Numerous automated lab machines

Print server for ancient dot matrix printers (payslips)

Many bespoke databases written in the year dot using Access 97/ Delphi / Borland / VB5/6........

Ancient commercial software packages that are too expensive to replace - or for which there isn't a direct replacement (e.g. blood glucose analysis)

Hardware for which Win7 drivers don't exist (e.g. a couple of expensive Samsung high capacity scanners)

Call monitoring

Emergency pager message sending

Out of date cashier/till systems for which there's no replacement budget

and the list could go on and on............

Yes, some of these are easy to fix given a budget. But there's no budget. And the key point is only around 60 machines out of around 4000 are affected. I believe the basic premise of the story is wrong: most NHS trusts are well on the way to replacement, but are stuck with a hard core of machines which are an expensive PITA to do anything about

8
0

Windows was promoted as a cheap solution for which there were ample developers available. One may wonder how good value these machines are in the long run. For some solutions (label-printers, pager-message sending) one may wonder if there are no other solutions.

0
0
Silver badge

And virtualizing XP does not always work, especially when XP need to communicate with certain hardware - and most hypervisors are not OK with that.

0
0
Silver badge

Custom hardware simply cannot be virtualized since their very function is considered a trade secret; you can't virtualize what you don't know. Thus we have the story of that computerized lathe that runs on XP because Vista and up doesn't support the ISA bus anymore and the lathe is controlled by a proprietary controller (trade secret, remember?) fitted to an ISA slot on the computer. Can't be upgraded due to that ISA card, and the lathe is still pretty young (meant to last decades and is still being amortized, so you can only cross your fingers.

And depending on the direction hardware takes in future, this may become more common rather than less, given that most ARM SoCs are built with fixed hardware in mind and therefore are more likely to use hard-and-fast memory maps rather than any kind of enumerating bus (USB being the possible exception).

1
0

As other have said, it's the issue of direct interaction between hardware and software that is the killer. Many moons ago, we had an expensive stereo-plotter (a device for analysing stereo-photographs). It was vital for our operations for many years. Snag was that a) it was built and maintained by a tiny company and b) the operating software (which was written by a one-man band) REQUIRED direct access to hardware ports, and this couldn't be worked round because some of the timings were critical. The software ran on MSDOS, so it could have access to hardware interrupts! And as time moved on it became harder and harder to move data from the stereo-plotter to our main network. Eventually, we reached the position where completely software based solutions were available and cost-effective, and at that point we retired the kit. But of course, hospitals are full of kit where a complete software solution isn't feasible, and many of the more specialized bits of kit, even ones with a big price-tag, are produced by tiny companies. I'm actually surprised that XP is the earliest OS in use; I wouldn't have been at all surprised if it was a DOS version.

0
0
Anonymous Coward

The fault is the operating system

It's one job is to run applications. That's it. If every 3-5 years the version of os is changed and in the process breaks all the apps that ran on it before, what is the point of it.

So the point must be to make money for the os vendor. They have no interest whatsoever in building an os ecosystem that keeps apps working.

Like others have said - no-one gives a shit about the os. They want it to get the hell out of the way so they can use the apps they want to use with as minimal change as possible on how to start them.

0
0
Silver badge

Re: The fault is the operating system

Clarification: It's main job is to allow the user to run applications. If one only needed to run applications without user intervention, then you can get away with something simpler like a scheduler. Only thing is, users have a wide range of aptitudes. Many need help (the ones who wouldn't know a network fob from a thumb drive), and you have to cater for them. And their #1 priority, the #1 priority of ANY job, is to COMPLETE the job. All else comes secondary. And no, you can't always train them, and if you raise your standards too high, you run the risk of no takers. And remember, medicine and computers aren't necessarily highly overlapping fields of expertise.

0
0
Silver badge

Re: The fault is the operating system

There is one small problem there.

The usual expectation for an OS is to make a one off payment (not too expensive, obviously) and then have open ended free support. People also generally expect to pay for a software package and just keep using it.

Beyond a certain point this is not a finacially viable model for the supplier.

Tough, you say, that's their problem the money grubbing bastards.

Eventually it is the users problem when the supplier can no longer afford to support the software and/or goes out of business.

The tactical approach is to spend as little as possible this financial year (see all industries which rely on infrastructure). Bonuses reflect cost performance in the current year.

The strategic approach is to budget in this and every future year for ongoing infrastructure maintenance including (with software) support, migration, update and escrow of the software including the supporting hardware and the build environment.

Good luck with the business case (nuclear, railways, roads, navy.......specialist computer controlled hardware..... ).

0
0
Silver badge

Re: The fault is the operating system

So how do you handle long-term business needs in a world full of short-sighted, penny-pinching investors and executives?

0
0
Silver badge

Re: The fault is the operating system

SaaS

0
0
Silver badge

Re: The fault is the operating system

Um...given patient confidentiality mandates, how do you do SaaS without breaking those mandates?

0
0
Silver badge

Re: The fault is the operating system

Very, very carefully?

0
0
Silver badge

Re: The fault is the operating system

The usual expectation for an OS is to make a one off payment (not too expensive, obviously) and then have open ended free support. People also generally expect to pay for a software package and just keep using it.

Beyond a certain point this is not a finacially viable model for the supplier.

That hasn't been the case in the commercial non-Windows environment where software was always priced as an upfront purchase cost followed by annual licence and maintenance/support fees.

Whilst the PC world has expanded computing to non-traditional IT user groups, namely: homes and small businesses and has done so through a one-off upfront payment, when it comes to business'es the traditional annual fee model has been applied, even by Microsoft.

0
0
RW

Re: The fault is the operating system

Remember, Microsoft makes a lot of money out of software churn.

Where does that money come from? Right out of the pockets of their customers, including ones left high and dry by the latest release of Win.

I am astonished (still, after decades of coping with Windows in different versions) that anyone would use Windows for mission critical apps, particularly life-or-death situations that are so common in hospitals.

I run Linux myself at home, but I'm far from prepared to say that Linux is the solution to software churn.

0
0
RW

Re: The fault is the operating system

You take care to send them emails (of which you have printed hard copies) pointing out the mistake they are making. Use exactly the phrasing you used in your post, go ahead tell them that their penny pinching and short sightedness mean long term business needs are not being met.

At least then you have covered your own ass when the wheels fall off.

0
0
Bronze badge

Sainsburys supermarkets still have XP in their stores as well. Sure there are lots of copies still in use due to legacy software that will never get replaced.

0
0
Silver badge

I've spotted a few other places that still use XP-based machines, mainly due to sunk costs and recent cycle changes that missed the boat. They won't be moving for a while yet, if at all.

0
0
Silver badge

"Sainsburys supermarkets still have XP in their stores as well"

They're most likely XP Embedded Standard/POSReady 2009 systems, so they'll continue to get support until January 2019.

0
0
Silver badge

Re: "Sainsburys supermarkets still have XP in their stores as well"

INCLUDING the back end machines which definitely AREN'T POS units?

0
0
Vic

Sainsburys supermarkets still have XP in their stores as well.

A couple of years ago, I saw a bunch of Sainsburys checkout machines being rebooted.

They weren't running XP. They were running 2K...

Vic.

0
0
MJI
Silver badge

Blame MS for writing a working OS with XP

They produce an operating system which runs programs.

A program I ran on my XP machine produces

Unsupported 16-Bit Application

then too much blurb for me to type in.

The language was extrememly popular in the 90s for database applications, I know of at least one large hospital system written in it (I knew the head programmer).

DOS 6.22

MUDOS fine

Real/32 fine*

WFW fine*

95 fine*

98 fine*

NT4 with some issues*

2000 fine*

XP fine*

Vista 32 with some major issues*

W7 32 with showstopping issues (NETBIOS)

W7 64 no hope

* running client server as well!

W7 32 was killed off due to killing off IP support for the program which provides client server access.

We do factory software.

So what did we do in the real world?

Vista - upgrade to XP, or run in a low resolution mode

W7 - tough, we tried, at first use your XP PCs, later test our new Windows software.

Huge DOS system, it took over 5 years to get into a viable WIN32 version. MS does not understand the software industry, you buy software to do a job, not because it is written in X.

0
0

So long as you have decent antivirus software and don't use them to access the internet I don't see the problem

0
0
Silver badge

Malware can come in through other means (even the keyboard), plus your network could get accidentally (or maliciously) bridged.

0
0
Anonymous Coward

Given that legacy web apps that require IE compatibility are a large part of this problem - and one that also exists in other big industries (engineering, finance) - it surprises me that no one has developed a browser based on open-source code that emulates IE but runs on whichever OS is convenient.

1
0
Silver badge

If it were only that, you could stuff an XP/IE instance in a VM and call it a day. No, more often than not hardware is the real problem. It's also one of the few things you can't virtualize, especially where custom hardware is involved.

0
0
Anonymous Coward

I think there is a subtle difference between 90% of NHS Trusts being reliant on a small number of xp machines to provide services which they have yet to migrate. Versus 90% of NHS Reliant on XP.

As someone who works in the NHS in IT I can say measures are always put in place where a decision is made to retain an XP device.

For example if a security door management system was designed to run on XP and the company wants £40,000 to update the software to run on a Windows 7/10 or Server, or a new system is going to cost £100,000. Measures can be put in place at a much-reduced cost. Things like network segregation be it physical or virtual. Hard/Soft firewalls etc.

As a public body we have to show value for money, and in some articles you praise the boxes which have been running in the corner for 20 years that no one has touched, yet kind of condemn the NHS if they even attempt to do something similar.

I would argue I know of no NHS trust which has XP as its desktop of choice for the majority of its users. Most desktops and other end user devices have already migrated to Windows 7 or beyond.

3
0
Anonymous Coward

Win XP still has its uses

Don't diss Win XP as that is the latest windows I can run on my ancient Thinkpad with only 256 meg of memory but also critically has a now nearly nonexistent 9 pin serial port. Of course that bad boy never goes on a network and is only used for testing instrumentation through serial (need it to be mobile).

1
0
Silver badge

Re: Win XP still has its uses

And is there any reason it MUST be a genuine, physical legacy serial port and not a USB-based device?

0
0
Silver badge

Re: Win XP still has its uses

"And is there any reason it MUST be a genuine, physical legacy serial port and not a USB-based device?"

In some cases, yes. It depends how the software access the RS-232C port, timing, quality and comparability of the USB converter and it's drivers. Some work, in some situations. Some will work with some devices while a different one will work with other devices the first one won't work with . It's weird, maybe black magic is involved. In some case, the USB converter simply doesn't handle all possible cases of RS-232C signalling, especially for older 25-pin serial which may well need all those signals missing from the 9-pin ones. I've seen cheap ones which can barely do more than handle Rx, Tx and Gnd, using software handshaking only and fail completely if RTS/CTS is required.

1
0
Vic

Re: Win XP still has its uses

It's weird, maybe black magic is involved

Probably far more prosaic...

RS-232 is defined as +3V to +15V and -3V to -15V, but many serial ports used to use ±12V, as those rails were readily available from a PC. And I've seen hardware assume that that is what it's going to get. Moving to USB adapters typically gives you ±5V, so such hardware can get mighty confused.

Vic.

1
0

None of this surprises me. We have customers using old versions of an application we used to sell which ran in what used to be called Tandem NonStop hardware. Those same customers often keep those machines going by buying spares through eBay and the like. We are talking large high street businesses running relatively mission critical functions that have the ability to impact retail commerce throughout the UK if they stop working.

0
0
RW

"Relatively mission critical functions"

Strike the word "relatively".

As fate would have it, I was just thinking about the unnecessary use of "relatively" earlier today while out and about. The things one thinks about!

0
0

I sympathise with the NHS.

If you've got a platform that works stay with it. The continual changing of platforms is a major inconvenience or worse. For all that overall things get 'better'. In quotes because you need to consider by what measure.

I still use XP. And win10 and win7. Because I have hardware that literally needs XP. And I have other hardware (and software) that needs win7 or 10.

I get more speed out of XP on my Asus A8nSLI than I do from Xubuntu. I run an HP3150 on XP where there's no drivers for anything else.

Note there's no drivers because they've chosen not to make drivers. Not because it is some sort of impossibility.

So here at home I can see the planned obsolescence and I can see the pragmatic difficulties.

Now the NHS has massive investment in critical software. I'm in Australia, I've seen the expensive debacles you can have with massive software installations especially when new. We had an enormous fiasco when the govt commissioned online Unemployment/Job Seeking software.

And I used to be a programmer.

Porting software to new OS's can easily become a nightmare. It is not a trivial exercise. Simply changing software to fit new printers can be a nightmare. Simply incorporating new reports can be a nightmare. And these nightmares cost money and time and inconvenience thousands or millions of people.

Simply because software and hardware is old doesn't make it not fit for purpose. Move a lever by hand to achieve a task. Then put in a servo motor you switch on to move it. Then remote control that servo motor. Then put in a command centre that remotely controls many such motors. Then put in a command system that oversees everything.

That's modernising. That's technological development. That's how it goes.

At the bottom that lever is being moved, is all.

We need to ask if we need all the rest of the 'development' and in the calculation we need to factor in the costs - including human cost in all aspects.

We're not in a dreamland here. Look around, enquire, and see how many banks and such are employing software written in COBOL, still to this day. How many scientific institutes are using software written in FORTRAN. And so on.

XP is not 'wide open to hackers'. That's typical media beat-up hysteria.

NEW system are 'wide open to hackers' simply because they are new, untested for the most part. Hasn't history shown that very clearly? How many security updates in the first year of win10?

All systems are 'wide open to hackers' because that's a phrase without adequate definition. A system apparently impervious to attack today, lauded and applauded, looks ridiculous tomorrow after a backdoor or an achilles heel is found.

All systems are like cities on a plain surrounded by besieging armies, the hackers.

All systems benefit by being isolated. Firewalls. Partitioning. Circuit breakers. Parts of a system that are not required to have access to other parts are ideally cut off.

All systems benefit by RAID and similar philosophies.

Tremendously sophisticated and complicated software/hardware systems with online criticality benefit from long periods of stasis wherein they are studied and improved and protected.

Demand for constant change and thoughtless unnecessary 'improvement' brings uncertainty, unanticipated issues, complication and danger.

I am totally on the side of the NHS and its managers and particularly its IT people.

It is better that it remain firewalled behind a well understood XP system, doing what it does and doing it well with securities constantly strengthened while work goes on to develop a different and parallel system on some other platform, software and hardware, that can work in parallel once created and prove its validity by running without fault and impervious to hacker attack for six months or more.

That's the way to go.

It is a question of building another system.

Not a question of attacking this one or the people that have built it, run it, protect it.

1
1
Anonymous Coward

"It is better that it remain firewalled behind a well understood XP system, doing what it does and doing it well with securities constantly strengthened while work goes on to develop a different and parallel system on some other platform, software and hardware, that can work in parallel once created and prove its validity by running without fault and impervious to hacker attack for six months or more."

But how do you do that when you're not given enough budget for the job? It sounds nice given enough budget for a pilot plant but more often than not you're not given the resources until the existing machine breaks or you're given a "bridge too far" project: required to maintain an XP machine that, due to its fundamental function, MUST leave a gaping hole open but also can't be updated, meaning you can't defend it without breaking it, too.

1
0
Anonymous Coward

I'm sorry, but "XP is not 'wide open to hackers'. That's typical media beat-up hysteria." is naive. Keep XP well behind firewalls and preferably air-gapped. Once exposed and accessible XP attracts from the curious to the criminal.

Many "from honeypot to bot" tests have shown that it does not take long.

0
0
Anonymous Coward

But what if it's Internet-facing but CAN'T be upgraded due to the software it runs not being supported beyond XP? So now you have a wide-open business-critical box that can be pwned at any time?

0
0
Vic

But what if it's Internet-facing but CAN'T be upgraded due to the software it runs not being supported beyond XP?

No such machine. If it really needs to provide an Internet service, you put it behind a filtering proxy.

Vic.

0
0
Anonymous Coward

"No such machine. If it really needs to provide an Internet service, you put it behind a filtering proxy."

Oh? What if the very way you connect to it is the SAME way you pwn it? You can't replace it AND you can't filter it, so proxies are useless here. Worse, you may not have the budget for such a proxy.

0
0
Vic

Oh? What if the very way you connect to it is the SAME way you pwn it?

Then you need to make your filtering proxy good enough to permit those connections that are desired whilst forbidding those that aren't. How best to do this depends on what the server is doing; a simple firewall might do the job, or you might have to write a custom server to proxy the dangerous one. But that is all detail: if the server can be pwned from the Internet, it needs to have no direct connection, and any connectiuons that are made need to be filtered. And there is no other way of doing the job.

You can't replace it AND you can't filter it, so proxies are useless here

You can filter it. You always can. It just might not be the most cost-effective way of solving the problem.

Worse, you may not have the budget for such a proxy.

Then you are too clueless to run a business. This is simple risk-planning.

Vic.

0
0

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018