Ransomware hospital threat

North Korea blamed for WannaCry cyber attack that devastated the NHS

Image credit: Dreamstime

The UK government has blamed North Korea for the WannaCry cyber-attack that struck the National Health Service and other institutions around the world in May this year.

Home Office Minister Ben Wallace said that a foreign state was behind the ransomware attack and that it was “quite strongly” suspected to be North Korea.

“This attack, we believe quite strongly that it came from a foreign state,” he said. “North Korea was the state that we believe was involved this worldwide attack.”

He told BBC Radio 4’s ‘Today’ programme that “we can be as sure as possible” and “it is widely believed in the community and across a number of countries that North Korea had taken this role”.

The attack hit the NHS hard, crippling computer systems around the country and increasing the chances of a serious patient-care incident. 

An independent investigation conducted by the National Audit Office (NAO) concluded that the attack could have been prevented if “basic IT security” measures had been taken.

Wallace suggested it could have been motivated by an attempt by the economically isolated state to access foreign funds.

“North Korea has been potentially linked to other attacks about raising foreign currency,” he said.

The head of the National Audit Office warned the health service and Department of Health to “get their act together” in the wake of the WannaCry crisis, or risk suffering a more sophisticated and damaging future attack.

The NAO’s probe, released on Friday, found that almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, with five hospitals having to divert ambulances away after being locked out of computers on 12 May.

The malware is believed to have infected machines at 81 Health Trusts across England - a third of the 236 total, plus computers at almost 600 GP surgeries, the NAO found.

All were running computer systems - the majority Windows 7 - that had not been updated to secure them against such attacks.

Wallace accepted that the attack could have been avoided if software had been properly updated.

“It’s a salient lesson for us all that all of us, from individuals to governments to large organisations, have a role to play in maintaining the security of our networks,” he said.

British systems came under attack on a weekly basis from organised criminals and “a number” of foreign countries which seek to collect intelligence or carry out a “state-sponsored criminal attack”.

The UK had the ability to fight back online, he added, but “if you get into tit-for-tat there has to be serious consideration about the risk we will expose the UK systems to”.

Mark James, security specialist at cyber security firm ESET, said: “The worrying bit in the (NAO) report is the statement that reads “ NHS trusts had not acted on critical alerts from NHS Digital and a warning from the Department of Health and the Cabinet Office in 2014 to patch or migrate away from vulnerable older software.” If you have someone of perceived authority giving you instructions on how to protect your systems, then why was it not acted on?

“We are not talking about mass upgrades or huge costly system changes here, these are patches that are not overly hard to instigate and ensure they are in place. We all know how much it will cost the NHS to replace all their computers and devices, with the latest operating systems and to be frank, it would cause a massive strain on an already underfunded authority – but I would assume the recommendations would take into account the costs involved and would meet current budget levels.”

Sign up to the E&T News e-mail to get great stories like this delivered to your inbox every day.

Recent articles