A report by the British governmentβs National Audit Office (NAO) has found that the National Health Service (NHS) could βhave taken relatively simple action to protect themselvesβ against the WannaCry malware which brought some NHS organisations to a standstill while the problem was rectified.
In its report, the NAO writes:
βAll NHS organisations infected by WannaCry has unpatched or unsupported Windows operating systems so were susceptible to the ransomware. However, whether organisations had patched their systems or not, taking action to manage their firewalls facing the internet would have guarded organisations against infectionβ
Another interesting finding from the report is that the majority of NHS devices which were affected by WannaCry were in fact running a supported version of Windows 7, but they were simply unpatched and therefore vulnerable. Windows XP machines were also affected, but they were in the minority of infected devices.
The report states that the NHS has accepted that there are lessons to learn from WannaCry and is now taking action. For example, itβs setting out a response plan for future attacks, it is ensuring organisations implement critical CareCERT alerts, that they apply patches, and make sure anti-virus software is up to date. The NHS will ensure that essential communications can continue to flow during an attack when systems are down, and lastly, itβll make sure organisations, boards, and their staff are taking cyber security seriously and are working proactively to reduce the impact an attack could have on patient care.
Source: National Audit Office via: BBC News | Image via NHS
8 Comments
Load the comments and join the conversation!
Read the comments, ask the editors questions, show respect and join the conversation.