NHS Pwnage Could Have Been Stopped If They Followed “Basic IT Security Best Practice”

You might recall that the National Health Service in the UK got pwned by what became known as the “WannaCry” ransomware outbreak that went global. Well, it turns out that they could have easily protected themselves from this outbreak. Here’s what The Guardian had to say on that front:

The National Audit Office (NAO) said that 19,500 medical appointments were cancelled, computers at 600 GP surgeries were locked and five hospitals had to divert ambulances elsewhere.

“The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients,” said Amyas Morse, the head of the NAO.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

And what action could they have taken? Well….:

As early as 2014, the Department of Health and the Cabinet had written to NHS trusts, saying it was essential they had “robust plans” to migrate away from old software. In March and April 2017, NHS Digital issued critical alerts warning organisations to fix the exact bug in their Windows computers that later enabled WannaCry to rapidly spread.

Before the attack, NHS Digital carried out an “on-site cybersecurity assessment” at 88 out of the 236 health trusts in England. None passed, but the agency had no powers to make them “take remedial action even if it has concerns about the vulnerability of an organisation”, the report says.

Well. That’s not cool. This should serve as a textbook example of why every business big or small needs to have their act together when it comes to IT security. Because if you don’t have your act together, you become the NHS. Don’t be the NHS from an IT perspective.


One Response to “NHS Pwnage Could Have Been Stopped If They Followed “Basic IT Security Best Practice””

  1. […] Service or NHS in the UK was pwned to a massive degree by the Wannacry ransomware. It was later discovered that they could have avoided this rather easily. Today the NHS has made an announcement that they […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: