HOSPITAL trusts are leaving themselves vulnerable to cyber attack by running out-of-date and flawed software.

Cyber security experts said public bodies using outdated operating systems, which they would recommend even infrequent home users to update, were putting NHS systems and patient records at risk from hacking.

Hospital trusts said they were undergoing an extensive review of cyber security in the wake of the devastating ransomware attack in May which led to cancelled operations and appointments at 47 trusts nationwide.

Figures obtained by The Argus show hospital trusts continue to use Windows XP, for which Microsoft stopped issuing security updates in April 2014.

Western Sussex Hospitals NHS Trust said 74 computers still used Windows XP although about 1,000 computers had been updated since 2014.

A spokesman said all devices and servers were protected by anti-ransomware products while further improvements suggested by a third party cyber security audit were being implemented.

Brighton and Sussex University Hospitals Trust has spent £600,000 upgrading since 2014. In response to an FOI request, it initially refused to say whether it had any computers still operating with XP, claiming the information could be used to identify ways in which its computer systems could be breached.

But a spokeswoman later responded: “The trust is undertaking an extensive review of cyber security risks across all computer domains not just traditional IT, to include medical devices and building management systems. All computers identified with unsupported operating systems, Windows XP, Server 2003, are being upgraded or retired from service and form part of a wider trust IT activity and investment plan for this year.”

Darren Oliver, Fitzrovia IT managing director, said: “Windows XP was released in 2001 and it stopped being sold to OEMs in 2008. Even with new patches being issued when previously unknown vulnerabilities come to light, it’s unlikely Microsoft is putting much time or effort into identifying bugs in a 16-year-old operating system.

“Any outdated or un-patched IT equipment puts anyone at risk of being caught up in an attack, even if they are not the intended target. It only takes one infected computer to bring down an entire network.”

Hastings Borough Council also refused to disclose any information, claiming it would leave its computers more vulnerable to a malicious hacking attack.

Brighton and Hove City Council said none of its computers still operated on Windows XP, while West Sussex County Council no longer has any XP computers, having upgraded the remaining 20 in the past three years.

Crawley Borough Council had one solitary computer working on Windows XP, having spent £352,870 since April 2014 updating its systems.

NHS Coastal West Sussex CCG said all its operating systems were upgraded in April 2015, while all computers at CCGs covering Hastings and Rother and NHS Eastbourne, Hailsham and Seaford CCG used Windows 7 following an upgrade three years ago.