NHS Lanarkshire Blames Missing Patch For WannaCry Impact

One of Scotland’s largest health boards failed to ensure that its IT systems were fully patched with a vital security update, which left it vulnerable to a widespread cyber attack.

NHS Lanarkshire had been one worst-hit health authorities in Scotland when the WannaCry ransomware wrecked havoc across the UK (and indeed the world) starting on May 12.

Eleven of Scotland’s 14 territorial health boards had been affected in that attack, and it forced NHS Lanarkshire (NHSL) to cancel 494 patient appointments and procedures at that time. But no data was lost or was unrecoverable.

The WannaCry malware caused disruption in May of this year

WannaCry Attack

And then in August NHS Lanarkshire confirmed that its IT systems and network had been infected again by a new variant of the Bitpaymer malware.

That ransomware attack in August led to 184 operations and doctors’ appointments being cancelled.

Ransomware encrypts data on the systems of those attacked and demands a payment to unlock the files. The WannaCry ransomware hit 150 countries in May, and typically demanded $300 (£230) in bitcoins to restore infected computers.

NHS Lanarkshire is Scotland’s third-largest health board and serves more than 650,000 people.

And now it has admitted in a ‘Significant Adverse Event Review Report‘ on the WannaCry attack, that its patching process had left it vulnerable, along with a couple of other issues.

This is despite the report stating that NHSL had recognised the increasing risk from cyber-attack back in 2015.

“While the malware affected many NHS organisations across England and Scotland, it had a significant impact on NHSL, with 1338 PCs affected in both acute and primary care settings,” the report said of the WannaCry attack in May.

“Over the course of the week following the incident, the infected PCs were either cleansed of virus on site or were replaced while cleansing took place. This was done on a prioritised basis, with additional IT support being provided by NHS Greater Glasgow and Clyde and NHS Ayrshire and Arran.”

What Went Wrong

The report found three main technical issues had led to NHS Lanarkshire being affected by WannaCry.

The first that while Microsoft had actually released a security patch in March 2017 that blocked WannaCry, it had only been deployed on GP servers, but “had not been rolled out due to ongoing testing and limited resources to deploy the patch sooner.”

The second issue was that unbelievably NHSL was still using 395 PCs that ran Windows XP – support for which had ended back in 2014.

Microsoft subsequently made a WannaCry patch available for XP systems.

NHSL said that a previous audit had incorrectly found there were no XP-running PCs, but in reality 190 of these PCs were still required to run XP as they were supporting medical devices which could not operate on more up to date software.

The third issue was that a configuration on desktop PCs called SMB version 1 was left on. The SMB configuration needed to be active in order for the Board’s laboratory system to operate effectively. The active SMB configuration was exploited by the malware to allow it to move across internal networks, said the report.

“As a result of these findings, the review team has concluded that there were major service issues that contributed to the event,” the report stated. “There were no significant adverse patient outcomes although there was the potential for major service implications.”

Do you know all about security in 2017? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

20 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

21 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

22 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

23 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

1 day ago