If you recall, the National Health Service or NHS in the UK was pwned to a massive degree by the Wannacry ransomware. It was later discovered that they could have avoided this rather easily. Today the NHS has made an announcement that they will spend £150m more over the next three years to do the following:
-
A £21m upgrade to upgrade firewalls network infrastructure at major trauma centre hospitals and ambulance trusts
-
£39m to address infrastructure weaknesses
-
A new text messaging alert system to ensure trusts have access to accurate information.
- Upgrading to Windows 10 which was announced by Microsoft UK.
So it seems that the NHS is really serious about this as the Wannacry ransomware really disrupted its services when they got pwned. But to be fair, they weren’t alone on that front. Hopefully other organizations who got pwned by this ransomware last year take note and use this as a template to improve their IT defenses.
England’s NHS demands supplier cyber commitments in open letter
Posted in Commentary with tags NHS on May 15, 2025 by itnerdThe UK’s Department of Health and Social Care and NHS England are calling on all current and prospective NHS suppliers to commit to stronger cybersecurity practices by signing a new voluntary Cyber Security Charter. The move comes amid a sharp increase in ransomware attacks targeting the healthcare supply chain.
Wade Ellery, Field CTO, Radiant Logic had this to say:
“Healthcare is doubly vulnerable because of its deep reliance on legacy identity infrastructure and vendor sprawl and the literal life and death impact of such an attack. Many providers operate with decades-old IAM systems, scattered data sources, and minimal visibility into who has access to what—and why. Identity observability offers a path forward: unifying and monitoring all identity and access data in real time, so threats like ransomware don’t go undetected until it’s too late.”
I’ve been saying for a long time that because health care is low hanging fruit for threat actors, more must be done in that sector to make it less attractive to threat actors. This qualifies as more in my books. And I would love to see this copied elsewhere as this will make a difference.
3 Comments »