Investigation: WannaCry cyber attack and the NHS | The National Audit Office
This report investigates the NHS response to the cyber attack in May 2017 and the impact it had on health services. The report concludes that the attack could have been prevented if the NHS had followed IT security best practice.
The key findings of the investigation are:
- The Department was warned about the risks of cyber attacks on the NHS a year before WannaCry and, although it had work underway, it did not formally respond with a written report until July 2017
- The attack led to disruption in at least 34% of trusts in England although the Department and NHS England do not know the full extent of the disruption
- Thousands of appointments and operations were cancelled and in five areas patients had to travel further to accident and emergency departments
- The Department, NHS England and the National Crime Agency have said that no NHS organisation paid the ransom, but the Department does not know how much the disruption to services cost the NHS
- The cyber attack could have caused more disruption if it had not been stopped by a cyber researcher activating a ‘kill switch’ so that WannaCry stopped locking devices
- The Department had developed a plan, which included roles and responsibilities of national and local organisations for responding to an attack, but had not tested the plan at a local level
- NHS England initially focused on maintaining emergency care
- NHS Digital have said that all organisations infected by WannaCry shared the same vulnerability and could have taken relatively simple action to protect themselves
- The NHS has accepted that there are lessons to learn from WannaCry and is taking action
Full report: Investigation: WannaCry cyber attack and the NHS
See also: NHS ‘could have prevented’ WannaCry ransomware attack | BBC News