NHS cyber attack was ‘relatively unsophisticated and could have been prevented’, probe finds

Stock photo
Stock photo

The cyber attack that crippled NHS computers across the Fylde coast was ‘relatively unsophisticated and could have been prevented’, an investigation has found.

And the head of the National Audit Office (NAO)today called for health bosses to act quickly before crooks carry out an even more damaging attack.

Amyas Morse, the head of the National Audit Office

Amyas Morse, the head of the National Audit Office

Amyas Morse said: “The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.

“There are more sophisticated cyber threats out there than WannaCry, so the department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

Almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, NAO said.

The malware is believed to have infected machines at 81 health trusts across England – a third of the 236 total, plus computers at almost 600 GP surgeries, the NAO found.

There were 1,217 computers affected across the Fylde coast – 996 of which were at Blackpool Victoria Hospital.

All were running computer systems – the majority Windows 7 – that had not been updated to secure them against such attacks.

Dan Taylor, NHS Digital’s Head of Security, said WannaCry had been ‘an international attack on an unprecedented scale’ and the NHS had ‘responded admirably to the situation’.