A serious WannaCry ransomware attack occurred in May 2017. The hackers exploited vulnerabilities in the UK’s National Health Service (NHS) systems. They installed their malicious payload into the systems and disrupted services at more than 50 NHS Trusts. The attack resulted in the cancellation of appointments and postponement of operations. It took some time to mitigate the WannaCry ransomware attacks. If they did not find the kill switch and filipped it, the damages would have been a lot worse.
The attacks affected 600 GP surgeries. Five hospitals had no choice but to divert ambulances to other hospitals. Over 19,500 scheduled appointments were cancelled. About 1% of NHS devices and diagnostic equipment were affected.
Because of the widespread WannaCry ransomware attacks, the government investigated the state of cybersecurity at the NHS. The National Audit Office (NAO) came up with a report recently confirming the poor state of cybersecurity and the extent of disruption. The report revealed that many NHS trusts still use outdated and unsupported operating systems. Many had not implemented basic security measures to avoid attacks. There had been multiple warnings issued regarding the risk of cybercriminals leveraging the vulnerabilities, but the trusts did not take action until the WannaCry attack happened.
According to Chief of the NAO, Amyas Morse, the WannaCry attacks could have been avoided if the basic cybersecurity measures were implemented. The attack serves a warning to the Department of Health and the NHS to do their job to protect the systems from cyberattacks in the future.
Even if NHS has a funding crisis, it was critical to improve cybersecurity defenses. So, a £20 million funding was set aside to improve digital defenses. Some of the funding will be paid to ethical hackers who will exploit system vulnerabilities before cybercriminals can find and exploit them. This proactive approach aims to prevent future cyberattacks by finding and addressing security weaknesses immediately. The pen testing will be first conducted on NHS Digital’s system before on NHS Trusts and hospitals.
There are also plans of creating a national cybersecurity monitoring and alerting service that covers the entire UK health system. The new system will give real-time alerts of security threats so that hospitals and Trusts can be notified immediately to address the issues.