NHS Trusts ignored patch that would’ve averted malware disaster

The ransomware attack that crippled crucial NHS systems across the UK and continues to cause disruption could have easily been contained, according to NHS Digital. The body, which oversees data and IT infrastructure across the NHS, said hospitals and other arms of the service had ample time to upgrade their systems. The ‘WannaCry’ malware variant used a Windows exploit Microsoft patched in mid-March this year. At the end of April, NHS Digital notified staff and “more than 10,000 security and IT professionals,” pointing them to a patch that would “protect their systems.” It seems this advisory fell on some deaf ears, which explains why only certain NHS Trusts were affected.

Over the weekend, NHS Digital also addressed speculation that aging infrastructure was to blame: “While the vast majority [of NHS organisations] are running contemporary systems, we can confirm that the number of devices within the NHS that reportedly use XP has fallen to 4.7 per cent, with this figure continuing to decrease.” Windows XP was put out to pasture in spring 2014, though the UK government did pay for an extra year of support back then. In reaction to the spread of ‘WannaCrypt,’ Microsoft took the “highly unusual step” of issuing a patch for out-of-support systems last Friday.

Reading between the lines, NHS Digital is basically blaming the update apathy of individual Trusts as the reason for the ransomware’s spread. It’s not the only one pointing fingers, though. In the aftermath of the attack, which hit organisations and companies across the world, Microsoft fired shots at the NSA, CIA and other intelligence agencies for keeping mum about vulnerabilities they discover. ‘WannaCrypt’ takes advantage of an exploit known as EternalBlue, for instance, which only really became common knowledge last month (though Microsoft had patched supported products before then). A mysterious group known as the “Shadow Brokers” published details of EternalBlue and other exploits online, claiming they were poached from the NSA’s cyber war chest.

Via: Sky News

Source: NHS Digital

Source: Engadget - Read the full article here

Author: Daily Tech Whip

This article is part of our 'News Tiles' service. The site is currently in Beta. When it is fully operational you will be able to search through and arrange the 'Tiles' to display a keyword, product or technology over your chosen time period. For example you would be able to display all of the leading tech articles on the new Kindle Fire, in one spot in real time. You will also have access to our own original reporting and analysis as well as a polished place to post your own thoughts & reviews here, amongst the Daily Tech Whip Community. Please let us know if you have any feedback via the contact form or via Twitter. Don't forget to come back next week and see our full site and claim your name and your own free tech blog.

Share This Post On