
NHS WannaCry attack 'could easily have been prevented'

(Image credit: Image source: Shutterstock/Martial Red)

This year's WannaCry ransomware attack against the NHS could have been avoided if its trusts had followed basic security recommendations, a new report has claimed.

According to a report by the National Audit Office (NAO), NHS Digital had assessed 88 out of 236 trusts for cyber-security standards before the attack, and literally none had passed.

To combat any potential threats, NHS Digital advised trusts to patch up and migrate from vulnerable older software in 2014. Even the Department of Health and the Cabinet Office gave a similar warning.

"Before 12 May 2017, the department had no formal mechanism for assessing whether NHS organisations had complied with its advice and guidance," the Department of Health said, adding that trusts could have also handled their firewalls better, but didn't.

The WannaCry ransomware attack, which happened in May, was one of the biggest ransomware attacks to ever hit the web, and one which had serious consequences for the NHS. Even though no trusts paid a ransom, the financial ramifications were huge.

According to NHS England, almost 7,000 appointments, including operations, were cancelled due to the ransomware attack, but it is estimated that some 19,000 appointments in total may have been affected.

WannaCry is ransomware that encrypts a victim's data and asks for a ransom, in bitcoin or other cryptocurrency, in order to unlock the files. This particular ransomware asked for roughly £230.
