NHS cyberattack may prove to be a valuable wake up call
BMJ 2017; 357 doi: https://doi.org/10.1136/bmj.j2818 (Published 15 June 2017) Cite this as: BMJ 2017;357:j2818
- Jon Hoeksma, editor
When most of the NHS was brought to a standstill by the Wannacry virus on 12 May, initial attention focused on the residual use of the superseded Windows XP operating system in many of the affected NHS trusts. Its later versions—Windows Vista, and Windows 7, 8, and 10—are also vulnerable.
But to infect computers, Wannacry first had to get inside the network and past perimeter defences such as firewalls. Wannacry proved so disruptive because it exploited a set of vulnerabilities in Microsoft software using a tool known as Eternal Blue, believed to have been developed by the US National Security Agency and then leaked onto the internet by a hacking group called Shadow Brokers.
After Wannacry infects an initial computer, usually with email as the vector, it releases software onto the local network that seeks out other computers to infect. After infection, Wannacry encrypts files and issues a ransom demand for $300 for decryption. The ransom doubles after 72 hours.
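Detection logic for the lateral-spread stage described above, as an added example that is not code from the article or from any NHS trust: it reads constructed flow-log lines and flags a single host that contacts many other machines on SMB within a short window, which is how a worm component seeking out new victims looks in network logs. The SMB port number (445), the log layout and the thresholds are assumptions chosen for illustration.

```python
# Added example, not code from the BMJ article: flag hosts that behave like
# the worm stage described above (one machine reaching out to many others on
# SMB). Port 445 (SMBv1, which EternalBlue targets) and the log format are
# assumptions chosen for illustration.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample flow-log lines: "timestamp src dst dport action"
SAMPLE_LOG = """\
2017-05-12T10:00:01 10.1.2.15 10.1.2.20 445 allow
2017-05-12T10:00:02 10.1.2.15 10.1.2.21 445 allow
2017-05-12T10:00:02 10.1.2.15 10.1.2.22 445 allow
2017-05-12T10:00:03 10.1.2.15 10.1.2.23 445 deny
2017-05-12T10:00:03 10.1.2.15 10.1.2.24 445 allow
2017-05-12T10:00:04 10.1.2.15 10.1.2.25 445 allow
2017-05-12T10:00:10 10.1.2.40 10.1.2.50 445 allow
2017-05-12T10:00:11 10.1.2.40 10.1.2.50 445 allow
2017-05-12T10:00:12 10.1.2.41 10.1.2.60 80 allow
"""

SMB_PORT = 445  # assumption: SMB, which EternalBlue abuses, listens on TCP 445

def parse_log(text):
    """Parse log lines into (timestamp, src, dst, dport) tuples."""
    events = []
    for line in text.splitlines():
        ts, src, dst, dport, _action = line.split()
        events.append((datetime.fromisoformat(ts), src, dst, int(dport)))
    return events

def find_smb_scanners(events, window=timedelta(seconds=60), threshold=5):
    """Return {src: distinct_targets} for sources that contact at least
    `threshold` distinct hosts on SMB within any window of length `window`."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in events:
        if dport == SMB_PORT:
            per_src[src].append((ts, dst))
    flagged = {}
    for src, hits in per_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # slide the window start forward until the span fits in `window`
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in hits[start:end + 1]})
            if distinct >= threshold:
                flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged
```

Repeated connections to the same host (as 10.1.2.40 makes) do not count as scanning; only the number of distinct targets inside the window matters, which is what separates a file server's normal clients from a spreading worm.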
The fact that Wannacry got into trusts’ networks highlights the variable state of NHS IT infrastructure and its maintenance (see box 1). Trusts that had not applied the latest critical patches to operating systems were particularly vulnerable.1
Box 1: Is the NHS particularly vulnerable?
After the initial crisis and recovery efforts, attention has now turned to establishing why the NHS was so vulnerable—far more so than other public services also running ageing software.
The use of older operating systems embedded in medical equipment is worrying because it is difficult to install security patches in devices, check-in kiosks, cameras, and scanners. The sheer number of brands and models makes it harder to manage the different devices, resulting, for example, in poor patch …