James Rawlinson, director of health informatics at The Rotherham NHS Foundation Trust, says 2% of the trust’s devices could not be updated to Windows 11 (Credit: The Rotherham NHS Foundation Trust)
Exclusive: NHS migration to Microsoft Windows 11 is stalled by medical device vendors who have not updated the operating system. Digital health news has learned.
From October 14, 2025, microsoft Windows 10 no longer receives security updates, meaning NHS organizations have had to update outdated hardware or pay for ones from Microsoft. extended security update.
James Rawlinson, director of health IT at The Rotherham NHS Foundation Trust, said around 98% of the trust’s Windows estate has been upgraded to Windows 11 due to the “incredible work of our technology teams”.
The trust has upgraded around 7,000 devices in the last three years, with around 30-40% requiring new hardware, while the rest were in-place upgrades.
However, Rawlinson said 2% of the trust’s devices have not been updated because the current version of the medical device vendors’ software does not work on Windows 11.
A supplier quoted the trust £25,000 to upgrade a three-year-old device to make it compatible with Windows 11.
“We have some examples where we buy clinical and medical equipment and the manufacturer is now saying we have to buy it new even though it’s only three years old,” Rawlinson said.
“Part of their excuse is that they have to go through, and rightly so, very strict checks with the Medicines and Healthcare products Regulatory Agency for their software to interact with a physical piece of medical equipment.
“We want them to do that, but it still leaves a bad taste in your mouth when you’ve spent £34,000 on a PC and then three years later you’re going to spend it all again because they simply don’t upgrade themselves to support Windows 11.
“Historically, these medical equipment vendors have provided end-to-end support for their software and equipment, but all of a sudden they say, ‘It has nothing to do with us, it’s up to your local IT to take care of it, but don’t worry, you can buy extended support from Microsoft.’ It just sucks,” he added.
The trust is isolating devices that have not been updated in a secure quarantined environment to minimize cyber risk while negotiating with suppliers to find a long-term solution.
Rawlinson said the issue was “concerning” and compared it to driving a car without insurance.
“You just hope and pray that nothing untoward happens, but if it did, we would have to disconnect those devices from our data network, which would impact local care,” he said, adding that this could lead to problems such as a cardiology system not being able to read pacemakers.
Commenting on the issue, cybersecurity expert Saif Abed, founding partner of the AbedGraham GroupHe said it is “It is deeply worrying that providers are forcing trusts to expose themselves to greater risks.
“Without central support or coordinated pressure on suppliers, the NHS is left absorbing the clinical, operational and safety consequences of poor supply chain behaviour.
“If clinical IT providers are serious about cybersecurity and patient safety, they should have ensured that their NHS customers could migrate to Windows 11 without incurring additional costs. This is a basic expectation of responsible software lifecycle management.”
Digital health news contacted NHSE for comment.
