NHS cyberattack may prove to be a valuable wake up call

When most of the NHS was brought to a standstill by the Wannacry virus on 12 May, initial attention focused on the residual use of the superceded Windows XP operating system in many of the affected NHS trusts. Its later versions—Windows Vista, and Windows 7, 8, and 10—are also vulnerable.

But to infect computers, Wannacry first had to get inside the network and past perimeter defences such as firewalls. Wannacry proved so disruptive because it exploited a set of vulnerabilities in Microsoft software using a tool known as Eternal Blue, believed to have been developed by the US National Security Agency and then leaked onto the internet by a hacking group called Shadow Brokers.

After Wannacry infects an initial computer, usually with email as the vector, it releases software onto the local network that seeks out other computers to infect. After infection, Wannacry encrypts files and issues a ransom demand for $300 for decryption. The ransom doubles after 72 hours.

The fact that Wannacry got into trusts’ networks highlights the variable state of NHS IT infrastructure and its maintenance (see box 1). Trusts that had not applied the latest critical patches to operating systems were particularly vulnerable.1