I’ll put money on out of date OS and lack of budget for any kind of upgrades.
I’ve just filtered my incoming bug reports by people still running Windows XP. Almost all of them are pharmacies. You tell them to upgrade, and that they’re not PCI-DSS compliant. For 9 years.
The rest of the NHS is likely even worse.
Sad thing about IT security, it’s one of those things that costs money and you don’t see the benefits. Only the catastrophic failures.
Chances are they use some internal sites that only work in IE. Could even be using some Java Applet or ActiveX plugin that hasn’t been patched in 15 years.
Even Chrome abandoned everything pre-Windows 10 earlier this year. I reckon there’s more machines than not that couldn’t upgrade OS even if they wanted to.
I’ll put money on out of date OS and lack of budget for any kind of upgrades.
I’ve just filtered my incoming bug reports by people still running Windows XP. Almost all of them are pharmacies. You tell them to upgrade, and that they’re not PCI-DSS compliant. For 9 years.
The rest of the NHS is likely even worse.
Sad thing about IT security, it’s one of those things that costs money and you don’t see the benefits. Only the catastrophic failures.
‘Why are we paying all this money out when we could just save the money and never upgrade’ – some manager, somewhere.
It’s not an OS, but I worked for the NHS for a time a year ago. They still use Internet Explorer…
Chances are they use some internal sites that only work in IE. Could even be using some Java Applet or ActiveX plugin that hasn’t been patched in 15 years.
Even Chrome abandoned everything pre-Windows 10 earlier this year. I reckon there’s more machines than not that couldn’t upgrade OS even if they wanted to.
That wouldn’t surprise me at all. The explanation I was given at the time was literally “because it has private browsing”.