British government urged to learn lessons from WannaCry

Cyber attacks are “weapons” which should be treated as a serious, critical threat, a group of British MPs said as they called on the British government to learn lessons from the WannaCry attack on the NHS. In a report on the cyber breach in the health service last year, the Public Accounts Committee (PAC) referred to the nerve agent poisoning of double agent Sergei Skripal and his daughter Yulia, saying the incident has “heightened concerns about the UK’s ability to respond to international threats”. The MPs warned cyber attacks could have a “huge impact” on safety and security. The comments come after Britain and the US issued a formal alert about “malicious cyber activity” by Russia.

The latest PAC report details how the Department of Health and Social Care (DHSC) and its arm’s-length bodies were “unprepared” for the global WannaCry attack, which disrupted NHS services in May 2017. MPs said the attack could have been “much worse” and that the NHS was “lucky” that the threat was tackled quickly. They said the attack was “relatively unsophisticated” in that it locked devices but did not seek to alter or steal data. But they warned: “Future attacks could be more sophisticated and malicious in intent, resulting in the theft or compromise of patient data.”

Ransom demand

The WannaCry attack affected more than 200,000 computers in at least 100 countries. Data on infected computers was encrypted and users faced a ransom demand to unlock their devices. A total of 80 of 236 NHS trusts across England suffered disruption, because they were either infected by the ransomware or had turned off their devices or systems as a precaution. The ransomware infected another 603 NHS organisations including 595 GP practices. The health service was forced to cancel almost 20,000 hospital appointments and operations as a result and five A&E departments had to divert patients to other units.

Press Association