EVERY NHS Trust tested for cybersecurity in the wake of the WannaCry attack failed to meet safety standards, a new report has shown.
The Guardian reports on a Parliamentary hearing looking into the aftermath of WannaCry which admitted that all 200 NHS Trusts in the survey (out of 236 in total) had failed.
As such, the only reason that the WannaCry attack only got to 81 Trusts was that the brakes were put on - left unchecked, all of them would have been crippled.
The National Audit Office has confirmed that 600 GP surgeries were also hit.
Rob Shaw, the NHS Digital deputy chief executive told a Commons Public Accounts committee that some trusts have a "considerable amount" of work to do and that they were failing the "high bar" set by the national data guardian, Dame Fiona Caldicott.
"The amount of effort it takes from NHS Providers in such a complex estate to reach the cyber essentials plus standard that we assess against as per the recommendation in Dame Fiona Caldicott's report, is quite a high bar. So some of them have failed purely on patching which is what the vulnerability was around WannaCry,"
The ransomware worm is now recognised as probably having come from group of North Korean sponsored hackers, the Lazarus Group, whose motive was likely more about disruption rather than raising money.
It's not known how much damage was actually caused during the incident, but it is most likely to have been caused in no small part because of the large numbers of Windows XP powered machines still in active use and network connected.
Microsoft no longer supports XP but many organisations in the public sector still rely on it heavily, either for compatibility or because there is no budget to upgrade.
Because WannaCry can travel through networks, once it was in a Trust's system, it could easily travel to other machines, identifying itself as safe content. µ
Thanks to a hard-coded Nvidia Tegra X1 flaw
Time's up. Me too. Not him
Redmond says 'the fix is more complex than initially anticipated'
And, yep, they're really expensive