NHS Trusts ignored patch that would’ve averted malware disaster

NHS Digital says it alerted everyone to the update last month.
Jamie Rigg, @jmerigg
May 15, 2017

The ransomware attack that crippled crucial NHS systems across the UK and continues to cause disruption could have easily been contained, according to NHS Digital. The body, which oversees data and IT infrastructure across the NHS, said hospitals and other arms of the service had ample time to upgrade their systems. The 'WannaCry' malware variant used a Windows exploit Microsoft patched in mid-March this year. At the end of April, NHS Digital notified staff and "more than 10,000 security and IT professionals," pointing them to a patch that would "protect their systems." It seems this advisory fell on some deaf ears, which explains why only certain NHS Trusts were affected.

Over the weekend, NHS Digital also addressed speculation that aging infrastructure was to blame: "While the vast majority [of NHS organisations] are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7 per cent, with this figure continuing to decrease." Windows XP was put out to pasture in spring 2014, though the UK government did pay for an extra year of support back then. In reaction to the spread of 'WannaCrypt,' Microsoft took the "highly unusual step" of issuing a patch for out-of-support systems last Friday.

Reading between the lines, NHS Digital is basically blaming the update apathy of individual Trusts as the reason for the ransomware's spread. It's not the only one pointing fingers, though. In the aftermath of the attack, which hit organisations and companies across the world, Microsoft fired shots at the NSA, CIA and other intelligence agencies for keeping mum about vulnerabilities they discover. 'WannaCrypt' takes advantage of an exploit known as EternalBlue, for instance, which only really became common knowledge last month (though Microsoft had patched supported products before then). A mysterious group known as the "Shadow Brokers" published details of EternalBlue and other exploits online, claiming they were poached from the NSA's cyber war chest.
