What strategic cybersecurity steps are being taken by NHS organisations right now, and are they enough to prevent future attacks?
According to the newly published review authored by Will Smart, chief information officer of NHS England, only 1 percent of NHS activity was directly impacted by WannaCry, with 80 of the 236 hospital trusts affected, plus 595 of the 7,545 GP practices. However, the vulnerability of NHS infrastructure was laid bare for all to see. A historic underinvestment in network security, unpatched legacy software and unpatchable hardware devices were all exposed, along with poor discipline and accountability at the highest levels within individual trusts. Although the share of NHS devices running the unsupported Windows XP has dropped to just 1.8 percent at the end of January, NHS England admits that most devices infected by WannaCry were running the supported, but unpatched, Windows 7 OS. Indeed, none of the 80 trusts affected by WannaCry had applied the Microsoft patch that would have prevented it, despite a CareCERT advisory issued more than two weeks prior to the attack itself.