Minister: North Korea Behind Cyber Ransom Attack on NHS

October 27, 2017 Updated: October 27, 2017

North Korea was most likely behind a cyberattack that affected one-third of Britain’s health care system, a government minister has revealed.

But the “unsophisticated” attack on May 12 could have been thwarted simply by following basic IT security, according to a National Audit Office (NAO) report published on Thursday Oct. 27.

The attack froze NHS computers with WannaCry, a kind of ransom malware that encrypts infected computers, demanding a payment to restore the computer to normal.

The WannaCry attack caused 19,500 medical appointments in the NHS—which provides the majority of all healthcare in the UK—to be cancelled and five hospitals were forced to divert ambulances after staff were locked out of computers. 

The cyberattack was not limited to the UK and is thought to have affected over 100 countries worldwide, affecting various companies and organisations. The NHS is one of the largest organisations in the world, the 5th largest employer of any organisation, public or private.

Speaking to the BBC on Oct. 27, Home Office Minister Ben Wallace said that the government was “as sure as possible” that North Korea was behind the attack.

“This attack, we believe quite strongly that it came from a foreign state,” he said.

Ambulances wait outside the Accident and Emergency department of the Bristol Royal Infirmary on Jan. 10, 2017 ,in Bristol, England. (Matt Cardy/Getty Images)

“It is widely believed in the community and across a number of countries that North Korea [took on] this role”.

“North Korea has been potentially linked to other attacks about raising foreign currency,” he said.

Microsoft President Bill Smith has also said that the attack was initiated by North Korea.

Speaking to ITV news on Oct. 13. he said:  “I think at this point that all observers in the know have concluded that WannaCry was caused by North Korea using cyber tools or weapons that were stolen from the National Security Agency in the United States”.

Mr Smith said cyberattacks by nation-states have become more frequent and more severe.

“I think over last six months we’ve seen threats come to life, unfortunately, in a new and more serious way. The problem has become bigger,” he said.

The NA report said that the cyberattack would have caused much more damage if a cyber researcher hadn’t activated a “kill switch” stopping WannCry from locking further devices.

“The WannaCry cyberattack had potentially serious implications for the NHS and its ability to provide care to patients,” said Amyas Morse, head of the NAO.

“It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice,” Morse said in a statement on the NAO website. 

“There are more sophisticated cyberthreats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks,” Morse said.

Former chairman of NHS Digital, Kingsley Manning, told the BBC that a failure to upgrade old computer systems at a local level within the NHS had contributed to the rapid spread of the malware.

He said: “The problem with cybersecurity for the NHS is [that] it has a particular vulnerability … It’s very interconnected so if you get an attack in one place it tends to spread.”

Manning blamed a lack of time and resources. However, he said that within individual NHS organisations there was “frankly a lack of focus, a lack of taking it seriously,” which lay behind the failure to keep up with cybersecurity improvements.