27 Oct 2017

WannaCry exposes basic IT security failings in the NHS

The global impact of WannaCry

The National Audit Office (NAO) report into the WannaCry cyber attack that crippled parts of the NHS in May compiled by its head Sir Amyas Morse has found that each of the NHS organisations affected by the hack could have taken simple actions to protect themselves.

The report states that the most basic of IT security precautions could have prevented the WannaCry ransomware attack from putting parts of the NHS out of commission.

The report reveals that warning signs were there in the run-up to WannaCry. It had been reported that several NHS trusts had spent nothing on cyber security in 2015; hospitals had been identified as a soft target as their IT systems were poorly funded and out of date; and organisations such as the National Data Guardian and the Care Quality Commission had warned the Department of Health that it needed to act against cyber threats.


“The WannaCry cyber attack was relatively unsophisticated and could have been prevented by the NHS following basic IT security best practice.

“There are more sophisticated cyber threats out there, so the Department of Health and the NHS need to get their act together to ensure the NHS is better protected.”

Sir Amyas Morse, head of the National Audit Office


To read more about this story click on the article embedded below:

Department of Health told WannaCry cyber attack could have been prevented by ‘basic’ security

The Department of Health has been ordered to “get its act together” after an official report found the largest cyber attack in NHS history could have been prevented if “basic IT security” precautions had been taken.

How Cyber Essentials can help

The first step to keeping your organisation safe from potential future cyber attacks is to be certified with Cyber Essentials.

Certification to the Government’s Cyber Essentials Scheme is a mandatory requirement for organisations wishing to win business with the MOD, and can help your organisation prepare and defend itself against malicious cyber attacks, regardless of the sector you operate in.

Sign up now to Cyber Essentials now!