The British government has revealed that North Korea was behind the WannaCry ransomware hack that targeted British hospitals.
The Independent reports that the British government is nearly certain that North Korea was behind the WannaCry ransomware hack that massively affected NHS IT systems in May of this year. According to a report released by the National Audit Office on Friday, hospital networks were left vulnerable to the attack as basic cybersecurity measures had not been implemented. Appearing on the BBC Today programme, British Security Minister Ben Wallace asserted that British government now believes that a North Korean hacking group is responsible for the ransomware attack.
“This attack, we believe quite strongly that this came from a foreign state,” Mr. Wallace said. Saying that the state involved was “North Korea”, he added, “We can be as sure as possible. I obviously can’t go into the detail of intelligence, but it is widely believed in the community and across a number of countries that North Korea had taken this role.”
When asked what steps the British government could take in the situation, Wallace replied that it would be “challenging” to arrest anyone responsible for the hack when a “hostile state” such as North Korea is involved. Wallace called on countries in the West to develop a “doctrine of deterrent” similar to the nuclear deterrent employed by most countries.
“We do have a counterattack capability,” said Wallace. “But let’s remember we are an open liberal democracy with a large reliance on IT systems. We will obviously have a different risk appetite. If you get into it for that there has to be serious consideration of the risk we would expose UK citizens to.”
According to the NAO’s investigation, approximately 19,500 medical appointments, including 139 potential cancer referrals, were canceled as a result of the WannaCry attack, with five hospitals being forced to divert ambulances away after they were unable to access computers. The report also states that NHS Digital, the IT body that monitors the hospital’s computer systems, issued alerts throughout March and April warning the NHS that they must update and patch their systems in order to protect themselves from hackers and viruses.
Keith McNeil, chief clinical information officer for health and care at NHS England, commented on the hack saying, “No harm was caused to patients and there were no incidents of patient data being compromised or stolen. Tried and tested emergency plans were activated quickly and our hard-working NHS staff went the extra mile to provide patient care, keeping the impact on NHS services and patients to a minimum.”
Amyas Morse, head of the National Audit Office, said “The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice.” Morse continued,
“There are more sophisticated cyber threats out there than WannaCry so the department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”