WannaCry had a global impact, affecting hundreds of thousands of computers across 150 countries, but the NHS was among the hardest hit.
The UK Government believes North Korea is to blame for the WannaCry ransomware attack that debilitated the NHS earlier in 2017.
North Korea has previously been connected to the attack, but the strong suspicions from the Government provide substantiation.
Speaking to the BBC, the Minister for Security, Ben Wallace, said: “This attack, we believe quite strongly that it came from a foreign state… North Korea was the state that we believe was involved in this worldwide attack on our systems,” he told the BBC.”
WannaCry hit in May, striking targets globally with a ransomware cryptoworm and demanding payment in bitcoin. The NHS stands out as having been particularly badly affected, being reduced to reverting to pen and paper organisation.
“We can be as sure as possible – I can’t obviously go into the detailed intelligence but it is widely believed in the community and across a number of countries that North Korea had taken this role,” said Wallace.
The wider damage of the attack is thought to include 230,000 computers, affected by the attack that reached a colossal 150 countries worldwide.
Andrew Clarke, EMEA Director at One Identity: “Often we see cases where the organisation gets impacted by an attack – ransomware being the most reported – and afterwards we hear that the issue has been ignored, advice has been misunderstood or there has been a lack of visibility into whether or not the advice has been implemented comprehensively.
This is not just about the NHS, as for example in the recent case of Equifax we heard afterwards that a security notification regarding Adobe Struts application had not been applied thoroughly. In many cases the organisation does not have an inventory of all operating systems and applications that need to be patched – which makes the challenging task of patching even harder – a robust patch management system would aid that.
Patching was a problem for the NHS that made it easy for the attack to cause major damage, with outdated systems running on Windows XP, an operating no longer supported by Microsoft in the mainstream.
“However, one of the factors at the NHS that we must consider is that some of the specific medical equipment being used was only ever designed to run Windows XP – so in that case the options are limited. What could have been done better was the compartmentalization of environments that were known to be running older software so that if they did get impacted, the damage could be limited,” Clarke said.
With attacks becoming increasingly common and effective, methods and practices by which to heighten security should be on the minds of all.
Javvad Malik, security advocate at AlienVault, who said: Fundamental security controls and hygiene could have prevented, or at least minimised the impact of WannaCry on the attack. But perhaps even more telling is that while the Department of Health had an incident response plan, it was neither communicated nor tested. Without a clearly communicated and tested incident response plan, trying to make one up in the midst of an incident is a recipe for disaster.”
Focussing back on the real cost of the attack, Raj Samani, Chief Scientist and Fellow at McAfee, said: Reports that NHS England has identified 6,912 appointments cancelled as a direct result of the WannaCry ransomware, should be our primary focus. Recognising our dependency on technology and managing the risks to reduce the likelihood of disruption from further attacks being realised must be a priority.