Several public bodies in Dundee are exposed to the risk of cyber attack because of out-of-date computer software, the Tele can reveal.
Freedom of information requests have revealed that NHS Tayside and Dundee City Council have dozens of computers still using the Windows XP operating system.
Microsoft, which develops Windows, discontinued support for XP in April 2014, meaning vital security fixes haven’t been rolled out for more than three-and-a-half years.
Using XP could leave PCs exposed to newer viruses and work-arounds used by hackers to gain unauthorised access, such as the WannaCry attack that crippled NHS systems across the UK earlier this year.
Microsoft’s own advice reads: “If you continue to use Windows XP, your computer will still work but it might become more vulnerable to security risks and viruses.”
Of the 4,400 computers it uses for day-to-day business, the city council has 44 machines still running XP – although they are “segregated” from the council’s network.
A council spokesman said: “The few remaining machines running Windows XP are used for specific purposes such as computer-aided design.
“We are actively working on a programme to fully remove them from the council by summer 2018.”
NHS Tayside disclosed that 144 of its 11,000 PCs still use Windows XP.
While the board said there was “no planned date” for XP to be phased out, a spokeswoman said the number of computers using the software was falling.
She said: “Since September, NHS Tayside has reduced the number of systems reliant on XP by 37% and a further reduction plan is in place to eliminate all XP-based machines over the shortest timescale possible.
“Some of our systems supplied by external providers can only run on XP and upgrading these systems is reliant on the original suppliers providing us with new versions.
“However, plans are in place to replace or decommission these systems as soon as compliant versions are received.”
All machines continue to receive anti-virus software updates, she added.
Police Scotland rejected the Tele’s freedom of information request, saying releasing such details would leave it open to the risk of cyber attack.