Experts have warned that ageing IT equipment and infrastructure is leaving the NHS dangerously exposed to more damaging cyber breaches and incidents in the same vein as the ransomware attack that hit pathology services provider Synnovis in June, causing extensive disruption to frontline care in London.

Speaking to the BBC, Ciaran Martin, the founding chief executive of the UK’s National Cyber Security Centre (NCSC), said he was “horrified, but not completely surprised” by the 4 June attack.

The incident led to the cancellation of thousands of medical procedures and ultimately saw the leak of 400GB of sensitive data by the Qilin gang, after Synnovis refused to pay a ransom demand.

He said it was “quite clear” the NHS was running a lot of out-of-date IT, and also that the NHS needed to do better at identifying and addressing vulnerable points that might afford a cyber criminal access to its systems, and do more to address basic cyber security best practice.

Martin’s concerns are backed up by doctors, with a December 2022 British Medical Association (BMA) report revealing that clinicians were wasting over 13 million hours every year thanks to delays arising from “inadequate or malfunctioning” systems and equipment. At the time, this was the equivalent of 8,000 full-time doctors, or £1bn.

A total of 80% of doctors who responded to the survey on which the BMA based its report said that improving IT infrastructure would have a positive impact in clearing the enormous backlogs faced by the NHS.

Doctors who spoke to the BBC Investigations team reported using 10-year-old PCs running Windows 7, and lamented 14 years of steady funding cuts from the previous government.