The cyber attack that crippled NHS computers across Lancashire was ‘relatively unsophisticated and could have been ‘prevented’, an investigation has found.
And the head of the National Audit Office (NAO)today called for health bosses to act quickly before crooks carry out an even more damaging attack.
Amyas Morse said: “The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients.
“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.
“There are more sophisticated cyber threats out there than WannaCry, so the department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
Almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, NAO said.The malware is believed to have infected machines at 81
health trusts across England – a third of the 236 total, plus computers at almost 600 GP surgeries, the NAO found.
Around 3,000 computers at the Royal Preston and Chorley and South Ribble Hospitals were infected by the virus.
And Lancashire Teaching Hospitals NHS Foundation Trust previously said that 441 procedures and appointments were affected but ‘were quickly re-arranged’.
All were running computer systems that had not been updated to secure them against such attacks.
Dan Taylor, NHS Digital’s Head of Security, said WannaCry had been ‘an international attack on an unprecedented scale’ and the NHS had ‘responded admirably to the situation’.