CybersecurityNorth Korea behind May 2017 WannaCry attack on British health services: U.K.

The British government has said it was all but certain North Korea carried out the “WannaCry” malware attack which hobbled the IT systems of the NHS, Britain’s national health service, in May.

The National Audit Office (NAO) released a report on Friday which found that hospitals and clinics were left exposed to cyberattack because they failed to follow basic cybersecurity recommendations.

Security Minister Ben Wallace, speaking on the BBC’s Today program, said the government now believes a North Korean hacking group was responsible, but stopped short of saying whether the United Kingdom would carry out retaliatory cyberattacks against the reclusive communist state.

“This attack, we believe quite strongly that this came from a foreign state,” Wallace said. He added that the state involved was “North Korea”, saying: “We can be as sure as possible. I obviously can’t go into the detail of intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role.”

Asked what the United Kingdom could do in response to the attack, Wallace admitted that it would be “challenging” to arrest anyone when a “hostile state” was involved.

Wallace called on Western nations to develop a “doctrine of deterrent” similar to that used to prevent the use of nuclear weapons. “We do have a counter attack capability,” he said. “But let’s remember we are an open liberal democracy with a large reliance on IT systems. We will obviously have a different risk appetite. If you get into tit for tat there has to be serious consideration of the risk we would expose U.K. citizens to.”

CNBC reports that earlier an independent investigation concluded that the May cyberattack, which paralyzed parts of the NHS, could have been prevented if “basic IT security” measures had been taken.

The head of the NAO pointedly warned the health service and the Department of Health to “get their act together” in the wake of the WannaCry crisis, or risk being subject to a more sophisticated and destructive cyberattacks in the future.

The NAO’s investigation found that almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, with five hospitals having to divert ambulances away after being locked out of computers on 12 May.

The malware likely infected computer systems at 81 health trusts across England – a third of the 236 total, plus computers at almost 600 GP surgeries, the NAO found.

All the computers which were attacked were running computer systems – the majority Windows 7 – which had not been updated to secure them against such attacks.

Wallace accepted that the attack could have been avoided if software had been properly updated.

“It’s a salient lesson for us all that all of us, from individuals to governments to large organizations, have a role to play in maintaining the security of our networks,” he said.

British computer systems were subject to attacks on a weekly basis from organized criminals and “a number” of foreign countries which seek to collect intelligence or carry out a “state-sponsored criminal attack.”

Elaborating on the possibility of a U.K. online retaliation, Wallace said: “Other countries do have doctrines and military thinking along that line, but the West – the United States, Europe and the United Kingdom – are much more thoughtful about these things because, ultimately, if we were to take some action, we have to remember that some of these states may, as we have seen with this WannaCry, strike out at the rest of our functions.”

The NAO report offers a catalogue of failures which led to May’s attack. The NAO noted that the health service’s IT arm NHS Digital had issued “critical alerts” in March and April about WannaCry – but that the Department of Health had “no formal mechanism” to determine whether local NHS organizations had taken any action in response to the alerts.

NAO head Sir Amyas Morse said: “There are more sophisticated cyber threats out there than WannaCry so the Department (of Health) and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”

WannaCry attacks were not limited to the United Kingdom: More than 300,000 computers in 150 countries were also infected with the WannaCry ransomware. The malware crippled organizations — government agencies, global companies, small firms — by targeting computers with outdated security.