The NHS is still running Windows XP en masse, two and a half years after Microsoft stopped delivering bug fixes and security updates.

Nearly all of England NHS trusts – 90 per cent – continue to rely on PCs installed with Microsoft’s 15-year-old desktop operating system.

Just over half are still unsure as to when they will move to a replacement operating system.

Fourteen per cent reckoned they’d move to a new operating system by the end of this year, and 29 per cent reckoned the move would happen “some time” in 2017.

Windows XP is not receiving any security updates from Microsoft, meaning health service PCs are wide open to hackers and malware.

The data on the NHS' use of Windows XP comes courtesy of a Freedom of Information request from Citrix, which approached 63 NHS trusts and received responses from 42.

An FoI request from Citrix made in July 2014, three months after Microsoft’s deadline to move off Windows XP, had found 100 per cent of NHS trusts were dependent on the operating system.

The Reg first reported in early 2014 how vast sections of the UK public sector was set to miss Microsoft’s April 2014 kill date for XP.

The government had agreed a temporary framework support agreement with Microsoft which guaranteed delivery of special security patches for a year.

That agreement ended on April 14 2015 after it was decided not to go for a second year.

Individual government departments and agencies were free to sign their own extended support agreements with Microsoft. ®