A massive cyber-attack on the NHS could have been prevented, a government report has revealed.
May’s WannaCry outbreak spread across the world and caused particular problems for the NHS, with over a third of English health trusts struck and 6,900 appointments cancelled.
The National Audit Office (NAO), which conducted the report, has now said that the NHS and the Department of Health should ‘get their act together’ to prevent future attacks.
WannaCry, which disrupted systems in over 150 countries, was the most devastating cyber-attack to hit the NHS so far. The malware locked PCs and demanded around £230 to re-open them, though there is no evidence the NHS paid any of the ransoms.
Ridiculously, an assessment of 88 trusts by NHS Digital before WannaCry’s assault discovered that not one of them had the basic and essential security levels on their systems.
According to the NAO’s report, trusts didn’t do anything even after receiving critical alerts from NHS Digital, nor after a 2014 Department of Health warning to patch exposed software.
On top of that, trusts could have done a better job of maintaining their firewalls.
NHS England‘s chief clinical information officer for health and care, Keith McNeil, said: ‘As the NAO report makes clear, no harm was caused to patients and there were no incidents of patient data being compromised or stolen.
‘Tried and tested emergency plans were activated quickly and our hard-working NHS staff went the extra mile to provide patient care, keeping the impact on NHS services and patients to a minimum.’