Time is running out for bodies as Microsoft prepares to retire operating system.
When Microsoft’s support for Windows XP terminates in April, thousands of PCs used by .gov and public sector bodies including HMRC and the NHS will hit an incoming tide of hackers who will now be able to freely exploit the unguarded systems.
A Freedom of Information request, carried out by tech website The Register, returned statistics showing that "HMRC has 85,784 PCs, of which 85,268 are moving off Windows XP and 58,631 are ditching Internet Explorer 6."
"NHS Scotland has 3,603 PCs with 3,537 on Windows XP and the same number on IE6."
However, it appears the bodies are not moving fast enough, as HMRC told The Register that it expects to have completed its move by "the end" of 2014, while NHS Scotland predicts to finish in the third quarter.
Official Microsoft support ends on 8 April, when the firm will stop issuing security patches to block malicious code that can infect PCs with viruses and even steal data.
Security expert Graham Cluley told CBR that the threat to Windows XP machines is very tangible.
"It is very likely that online criminals will attempt to exploit unpatched vulnerabilities on the XP platform," said Cluley.
"Typically the most attractive vulnerabilities will be remote code execution vulnerabilities which can be used by malware such as a Trojan horse or worm to infect your computer.
"Anyone continuing to run Windows XP after April is, in my opinion, playing a dangerous game."
After 8 April, users who want to continue having Microsoft protection must pay up to £120 per desktop for year one, £240 for year two and £490 in year three.
But according to the FOIA requests carried out by The Register, neither NHS Scotland nor HMRC will pay for the protection, even though the users working for the organisations will still be using the vulnerable PCs.
The NHS in England comes out the worst. A FOIA request showed that there are a total of 1.086 million PCs and laptops running Windows in the service.
The Register asked NHS England if there is a plan in place to migrate.
"The NHS in England’s response was that it simply doesn’t know beyond headline numbers the state of Windows XP’s penetration or migration work," said the tech website.
"No central records are held," NHS England told The Register, when referring to how many medical or back-office staff or systems will be exposed at the NHS in England.