'Basic IT security' could have prevented UK NHS WannaCry attack

An investigation found the NHS had repeatedly been warned to "migrate" away from its dated systems.
Saqib Shah, @eightiethmnt
October 27, 2017

England's National Health Service (NHS) could have avoided the ransomware hack that crippled its systems in May, according to a government report. "Basic IT security" was all that was required to prevent the "unsophisticated" WannaCry attack, which affected more than a third of NHS organizations, said the National Audit Office (NAO). The full scale of the incident saw over 19,000 medical appointments canceled, and computers at 600 surgeries locked down.

The attack didn't stop with the NHS, instead spreading to computers around the globe. Victims were confronted with a message on their machines declaring that their data had been encrypted and could only be accessed if they forked out $300 (sent via bitcoin). The infection used a computer exploit, known as "ETERNALBLUE," developed by the National Security Agency (NSA) and leaked online by hacking group The Shadow Brokers. Although the hackers reportedly managed to extort more than $100,000 using the malware, it seems the NHS didn't hand over a single penny. But the overarching cost of the disruption may never come to light.

Still, the attack could have been prevented if the NHS had followed simple cybersecurity measures, suggested the NAO. It had repeatedly been warned to "migrate" away from old Windows XP software, which was susceptible to the hack. And, in March and April, NHS Digital issued more warnings to organizations to patch the bug in their systems that later allowed WannaCry to spread. A cybersecurity assessment was conducted on 88 out of 236 NHS organizations, and none had passed, said the NAO.

The WannaCry virus was accidentally stopped by security researcher Marcus Hutchins using a domain-based kill switch, but not before it affected a number of big-name companies, including FedEx, Renault, Telefonica, and even Germany's railway system. Since then, two more ransomware strains have sprung up: NotPetya started in Ukraine in June and quickly spread worldwide, and Bad Rabbit plagued parts of Europe and Russia earlier this week.
