‘Consequences of WannaCry attack for British hospitals were easy to prevent’
The consequences of the WannaCry ransomware attack on British hospitals could have been prevented with a few simple steps. That is one of the conclusions of a report prepared by the National Audit Office.
The organization, which audits government spending on behalf of parliament, writes in the report that “all organizations affected by WannaCry shared the same vulnerabilities.” For example, they were all using unpatched or no longer supported Windows versions. The vast majority of organizations were running Windows 7, but without applying the necessary patches. A minority ran the unsupported Windows XP, which, for example, runs embedded in certain medical devices.
The report also concludes, “Whether organizations had unpatched systems or not, the infections could also have been prevented by properly managing Internet firewalls.” WannaCry spread in May through a vulnerability in SMB, using the NSA exploit EternalBlue. Microsoft had released patches for this vulnerability two months before the attack. The NAO writes that the malware also spread through N3, the internal network of the hospitals. Organizations had already been warned in 2014 to upgrade legacy systems, and patch warnings had been issued in March and April. Until the attack, however, there were no procedures to establish whether this advice was being followed.
The report also shows that although there was a contingency plan, no practical exercise had taken place. As a result, the response to the incident was not optimal, partly because the use of e-mail was often not possible. The NHS reports that 34 percent of so-called trusts, or care services, were affected by WannaCry and estimates that a total of 19,000 appointments had to be cancelled. None of the affected organizations is said to have paid the requested ransom.
On Friday, the UK announced that it believes North Korea is responsible for the WannaCry ransomware attack. This belief is said to be “broadly supported in the intelligence community and across countries.” It is not the first time the attack has been linked to the country. Several security companies had already seen a connection.