UK Government report says NHS could have prevented WannaCry

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
A report by the British government’s National Audit Office (NAO) has found that the National Health Service (NHS) could “have taken relatively simple action to protect themselves” against the WannaCry malware which brought some NHS organisations to a standstill while the problem was rectified.

In its report, the NAO writes:

“All NHS organisations infected by WannaCry has unpatched or unsupported Windows operating systems so were susceptible to the ransomware. However, whether organisations had patched their systems or not, taking action to manage their firewalls facing the internet would have guarded organisations against infection”

Another interesting finding from the report is that the majority of NHS devices which were affected by WannaCry were in fact running a supported version of Windows 7, but they were simply unpatched and therefore vulnerable. Windows XP machines were also affected, but they were in the minority of infected devices.

The report states that the NHS has accepted that there are lessons to learn from WannaCry and is now taking action. For example, it’s setting out a response plan for future attacks, it is ensuring organisations implement critical CareCERT alerts, that they apply patches, and make sure anti-virus software is up to date. The NHS will ensure that essential communications can continue to flow during an attack when systems are down, and lastly, it’ll make sure organisations, boards, and their staff are taking cyber security seriously and are working proactively to reduce the impact an attack could have on patient care.

Source: National Audit Office via: BBC News
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
I'm thinking their blaming the wrong people. Wasn't it the NSA (National Security Association) that was hogging all of those critical security exploits? Had they reported said exploits to MS, instead of uselessly hogging them, none of this would have happened, or at least, been less severe.
 
  • Like
Reactions: vemn

Arequire

Level 29
Verified
Top Poster
Content Creator
Feb 10, 2017
1,822
I'm thinking their blaming the wrong people. Wasn't it the NSA (National Security Association) that was hogging all of those critical security exploits? Had they reported said exploits to MS, instead of uselessly hogging them, none of this would have happened, or at least, been less severe.
Both the NHS and intelligence agencies share the blame. Unfortunately I doubt you'll ever see condemnation to the practice of hoarding exploits by intelligence agencies; they'll always spout their usual "national security" nonsense and get a free pass.
 
L

Local Host

Outdated Systems and lack of proper etiquette in terms of Security is a major problem, then when something happens (when is to late) is when they start doing what should have been done in the past.

This type of news will never get old, is among the main reasons why companies like Microsoft are forcing Updates down the users throats.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top