A National Audit Office( NAO) investigation into May 2017 Wannacry Outbreak on NHS has revealed that the healthcare network was warned in time to patch systems to protect against Cyber Attack.
It is said that NHS Digital- the health service’s data and IT body issued this alert in April this year. But the alert was ignored by the local bodies which eventually led to ransomware outbreak disrupting the systems of entire hospital network for weeks.
According to some sources reporting to our Cybersecurity Insiders, NHS digital issued an email alert to all IT heads managing the IT assets of the hospital networks. But the alert was ignored leading to severe disruption and spread of Wannacry Ransomware.
It is a known fact that in March/April this year, Microsoft issued an emergency patch to its Operating Systems in order to protect them against Eternal Blue- a vulnerability exploited by NSA by using the Windows SMB Networking protocol to spread an infection across the network using worm-like capabilities.
NHS Digital immediately alerted the IT staff of its hospital network about the vulnerability and the available fix.
But 81 hospitals out of the 236 operating across England missed out the alert for reasons and had to witness a ransomware impact on more than 70,000 devices.
As a result of the outbreak, Systems were locked out by the file-encrypting malware, and many NHS Bodies had to resort to pen and paper for weeks.
The Wannacry outbreak also resulted in thousands of operations and appointments being canceled or postponed.
Note- NHS Digital has specified in its security review report that none of its hospital head’s paid the ransom demanded by those behind WannaCry.
British NAO concluded that the attack could have been launched by North Korea and was relatively unsophisticated and could have been prevented.
