Britain ‘as sure as possible’ that North Korea perpetrated WannaCry cyber-attack

  • 30 October 2017
Britain ‘as sure as possible’ that North Korea perpetrated WannaCry cyber-attack
Bradford Royal Infirmary; one of the hospitals using the new image store

Britain’s security minister has blamed North Korea for the ransomware outbreak that wreaked havoc on NHS services earlier this year.

Ben Wallace said in an interview with the BBC that the Home Office was “as sure as possible” that Pyongyang was behind the global WannaCry cyber-attack that affected more than a third of NHS trusts in England in May.

In a radio interview on 27 October, Wallace said: “This attack, we believe quite strongly, came from a foreign state. North Korea was the state that we believe was involved this world-wide attack.”

Wallace also suggested that other nations had reached the same conclusion. “I can’t obviously go into the detailed intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role,” he said.

A report from the National Audit Office (NAO) last week found that at least 81 of the 236 NHS trusts in England were disrupted by the WannaCry cyber-attack, which locked staff out of medical equipment and led to the cancellation of some 19,494 appointments.

The NAO investigation concluded that the cyber-attack’s impact on the NHS could have been prevented had it followed basic IT security protocols, such as keeping computer software up-to-date and maintaining security firewalls.

The NHS was also criticised heavily for the way it handled communication during the outbreak of the attack – specifically that it took several hours for NHS Digital to publicly acknowledge that a cyber-attack had taken place.

Britain’s National Health Service wasn’t the only organisation affected by the ransomware attack, which spread to more than 100 countries and affected some 200,000 IT systems worldwide.

Andy Barratt, UK managing director at cybersecurity consultancy firm Coalfire, told Digital Health News: “An important lesson to learn from the NHS hack is how strategically valuable a target public sector orgnisation can be.”

“The high regard that institutions like this are held in makes them a very attractive target to those wishing to undermine the government, particularly as we are now reasonably confident that another nation state carried out the attack.”

“Public sector organisations like the NHS will always be a magnet for cyber criminals so it’s vital that the correct protocols are put in place and adequate investment in security afforded.”

The NHS has since announced an extra £21 million in funding to improve its defences against future cyber-attacks and has established the Care Computer Emergency Response Team (CareCERT), which offers advice and guidance to health organisations dealing with cybersecurity threats.

Subscribe to our newsletter

Subscribe To Our Newsletter

Subscribe To Our Newsletter

Sign up

Related News

How to equip NHS staff with cyber security skills they will use

How to equip NHS staff with cyber security skills they will use

Too often, cyber security training is a seen as a burden. But it is possible to make it relevant and useful, writes Nasser Arif.
Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside ICS selects cyber security platform

Cheshire and Merseyside Integrated Care System has selected a healthcare cyber security platform from Cynerio to strengthen its defences.
How to find your inner ‘cyber defender’

How to find your inner ‘cyber defender’

A "back to basics" and "honest" approach to personal cyber security can help NHS staff make larger improvements at work, writes Nasser Arif.

3 Comments

  • I think the digital community should stay out of the political imperative to create or perpetuate the next world bogey man stampede. Statements like “as sure as possible” should tell you something, and by “other nations”, we know who that is.

  • Well, we were wide open.

    • Isn’t that victim blaming…

Comments are closed.