Healthcare faces highest cyber risks as Windows 10 hits EOL
New research reveals that enterprise networks are increasingly exposed to cyber threats following the end-of-life (EOL) status of Windows 10. Despite industry guidance to update systems, a significant proportion of organisations continue to operate outdated software, raising concerns about security and compliance.
Rising exposure
Since the end of support for Windows 10, the proportion of EOL systems within enterprise networks has jumped. Previously, 8.56% of enterprise networks relied on unsupported operating systems, with an additional 5% on extended EOL. The latest data shows these figures have doubled, with 18.6% of enterprise systems now officially unsupported and 15.37% on extended EOL status.
This increase means organisations are more vulnerable to cyberattacks. Attackers target systems without security updates, exploiting known vulnerabilities that are unlikely to be patched. Outdated systems are easily discoverable by attackers using basic scanning and are often targeted with stable, widely available exploits.
Healthcare impact
The healthcare sector is experiencing the highest rate of EOL exposure. According to runZero's findings, 42% of computers in healthcare networks are now running unsupported operating systems, most of which are Windows 10. These legacy systems support critical services, making the risks associated with exploitation particularly severe. Unpatched vulnerabilities could directly threaten patient safety and operational continuity.
Security update challenges
Microsoft is offering Extended Security Updates (ESU) free of charge to users in the European Union. However, adoption rates appear uncertain. For organisations outside the EU, obtaining ESU coverage requires purchasing additional licences, and the willingness to pay for ongoing patches remains unclear. This leaves many non-EU entities, particularly those in sectors reliant on legacy technology, exposed to unchecked risk.
Attack timing risks
"It'll be a global game of chicken: will Microsoft withhold ESU patches from non-licensed customers, or will they give in when faced with disaster? How much damage is required to count as a disaster?" said Tod Beardsley, VP of Security Research, runZero.
The pattern of attack peaks during major holidays is well documented. These periods often coincide with staffing shortages or reduced monitoring, increasing the likelihood of successful breaches on unpatched systems.
Visibility and management
Visibility into network assets is central to reducing exposure. Security teams need robust tools to identify all outdated devices, including those on-premises, in the cloud, or in remote locations. Once every vulnerable system is accounted for, teams can prioritise updates, allocate resources, and address the root causes behind lagging updates. These may include costs, operational complexity, or dependency on specific software vendors.
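As an added illustration of that inventory step (example code written for this article, not runZero's tooling), the script below classifies constructed asset records as supported, on extended EOL (unsupported but ESU-covered) or fully unsupported, then reports exposure per sector and lists the hosts with no patch coverage at all. The support table is an assumption for the example: Windows 10 support ended 14 October 2025, and the Windows 10 ESU end date shown is an assumed one-year window.

```python
from datetime import date

# Constructed support table, an assumption for this example (not runZero's data):
# OS name -> (end of vendor support, end of Extended Security Updates).
# Windows 7 dates are historical; the Windows 10 ESU end date is assumed.
SUPPORT_TABLE = {
    "Windows 7": (date(2020, 1, 14), date(2023, 1, 10)),
    "Windows 10": (date(2025, 10, 14), date(2026, 10, 13)),
    "Windows 11": (None, None),  # still supported, no end date
}

def classify(os_name, today, esu_licensed=False):
    """'supported', 'extended_eol' (unsupported but ESU-covered), 'eol' or 'unknown'."""
    if os_name not in SUPPORT_TABLE:
        return "unknown"  # unrecognised OS: flag for manual review, never silently skip
    end_of_support, esu_end = SUPPORT_TABLE[os_name]
    if end_of_support is None or today <= end_of_support:
        return "supported"
    if esu_licensed and esu_end is not None and today <= esu_end:
        return "extended_eol"
    return "eol"

def exposure_by_sector(assets, today):
    """Per-sector counts and the share of assets that are EOL or on extended EOL."""
    report = {}
    for asset in assets:
        status = classify(asset["os"], today, asset.get("esu", False))
        row = report.setdefault(asset["sector"],
                                {"total": 0, "eol": 0, "extended_eol": 0, "unknown": 0})
        row["total"] += 1
        if status != "supported":
            row[status] += 1
    for row in report.values():
        row["pct_eol"] = round(100 * row["eol"] / row["total"], 2)
        row["pct_extended_eol"] = round(100 * row["extended_eol"] / row["total"], 2)
    return report

def unsupported_hosts(assets, today):
    """Hosts with no patch coverage at all: first candidates for upgrade or isolation."""
    return sorted(a["host"] for a in assets
                  if classify(a["os"], today, a.get("esu", False)) == "eol")

# Constructed inventory records (hypothetical hosts), as an asset scanner might export them.
ASSETS = [
    {"host": "hc-ws-01", "sector": "healthcare", "os": "Windows 10"},
    {"host": "hc-ws-02", "sector": "healthcare", "os": "Windows 10", "esu": True},
    {"host": "hc-srv-01", "sector": "healthcare", "os": "Windows 11"},
    {"host": "hc-mri-01", "sector": "healthcare", "os": "Windows 7"},  # ESU long expired
    {"host": "fin-ws-01", "sector": "finance", "os": "Windows 11"},
    {"host": "fin-ws-02", "sector": "finance", "os": "Windows 10", "esu": True},
]

if __name__ == "__main__":
    today = date(2025, 12, 1)
    for sector, row in exposure_by_sector(ASSETS, today).items():
        print(sector, row)
    print("no coverage:", unsupported_hosts(ASSETS, today))
```

Feeding a real scanner export through the same classifier (with a complete support table) gives the per-sector exposure figures the article quotes and a ranked list of where to spend upgrade effort first.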
Strengthening security frameworks and ensuring compliance with updated standards are becoming pressing priorities, especially as cyberattack attempts remain frequent, with some estimates suggesting an attack occurs every 39 seconds globally.
Beardsley said, "If history is any guide, the first test will come during the holiday season, when cyberattacks traditionally spike."