‘Basic IT security’ could have prevented UK NHS WannaCry attack – Cyber Security Review

‘Basic IT security’ could have prevented UK NHS WannaCry attack

England’s National Health Service (NHS) could have avoided the ransomware hack that crippled its systems in May, according to a government report. “Basic IT security” was all that was required to prevent the “unsophisticated” WannaCry attack, which affected more than a third of NHS organizations, said the National Audit Office (NAO). The full scale of the incident saw over 19,000 medical appointments canceled, and computers at 600 surgeries locked down.

The attack didn’t stop with the NHS, instead spreading to computers around the globe. Victims were confronted with a message on their machines declaring that their data had been encrypted, and could only be accessed if they forked out $300 (sent via bitcoin). The infection used a computer exploit, known as “ETERNALBLUE,” developed by the National Security Agency (NSA), and leaked online by hacking group The Shadow Brokers. Although, the hackers reportedly managed to extort more than $100,000 using the malware, it seems the NHS didn’t hand over a single penny. But, the overarching cost of the disruption may never come to light.

Read more…
Source: Engadget