Simple Action could have Saved NHS from WannaCry
NHS (The National Audit Office) across the country were affected by the WannaCry ransomware in May because they needn’t apply the Windows 7 patches, which was available that time.
Later in an investigation into WannaCry the NHS Digital found out that a simple correction by the NHS could have saved them from the ransomware, which forced few of their trust to close down, cancel operations and send back the patients.
In over all the NHS had to cancel around 19000 medical appointments, and at least 600+ computers at surgeries was dumped off.
The NAO stated that “All organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to protect themselves.” It further added “All NHS organisations infected by WannaCry had unpatched or unsupported Windows operating systems so were susceptible to the ransomware. However, whether organisations had patched their systems or not, taking action to manage their firewalls facing the internet would have guarded organisations against infection.”
The NAO had a clear understanding of what caused the National Audit Office to get a ransomware attack, it further stated “NHS Digital told us that the majority of NHS devices infected were unpatched but on supported Microsoft Windows 7 operating systems. Unsupported devices (those on XP) were in the minority of identified issues. “NHS Digital has also confirmed that the ransomware spread via the internet, including through the N3 network (the broadband network connecting all NHS sites in England), but that there were no instances of the ransomware spreading via NHSmail (the NHS email system).”
The NAO concluded that “Since WannaCry, NHS England and NHS Improvement have written to every trust, clinical commissioning group and commissioning support unit asking boards to ensure that they have implemented all 39 CareCERT alerts issued by NHS Digital between March and May 2017 and taken essential action to secure local firewalls.”
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.