One of the alleged perpetrators behind 2017’s WannaCry ransomware attack has reportedly been charged by US officials.
According to the Guardian, the US Justice Department brought charges against Park Jin Hyok, an alleged North Korean spy, on 6 September for role in the global cyber-attack that crippled NHS systems in May last year.
The ransomware infiltrated NHS computers and locked out staff, demanding a ransom in return.
The incident, which affected IT systems around the world, resulted in the cancellation of thousands of appointments.
NHS Digital has since diverted millions of pounds into shoring up cyber security defences after a damning report from the National Audit Office (NAO) found that NHS infrastructure was woefully unprepared for an attack of such scale.
The NAO report also discovered that WannaCry affected at least 81 of the 236 trusts across England, either directly or indirectly.
In October 2017, the Home Office announced that North Korea was responsible for the attack.
The Guardian has also reported that Park is believed to have been involved in a cyber-attack against Sony’s film-making studios in December 2014.
The 34-year-old is thought to have launched the attack from China but it it now believed that he is in North Korea.
US officials are hoping to bring charges against Park, although it is uncertain whether North Korea will make him available for questioning, the Guardian reported.
It is believed that Park launched the 2014 cyber-attack in retaliation for a Hollywood film that mocked North Korean leader, Kim Jon Un.
While there have been visible moves to improve cyber security in the NHS in the months since WannaCry, the Public Accounts Committee in February criticised the pace at which improvements were being put into action.
13 September 2018 @ 13:28
“END OF.” is a phrase most of us associate with keyboard warriors at the extremes of an argument.
No mandate for NHS Cyber Security … really? Surely Cyber Security is a facet of Information Governance and/or IT Security and should therefore be covered by the IG Toolkit for which NHS D does have a mandate?
Of course there were local failings, but we collectively value what we measure and increasingly scarce NHS resources are targetted at meeting standards set by NHS D on behalf of central government. Was keeping MS and other security patches up to date a criteria set, measured and reported on under the IGT prior to the WannaCry attack?
If accountability for everything has been devolved to local organisations, what role does NHS D and its thousands of employees actually have?
12 September 2018 @ 01:16
This journalism is highly amusing:
“While NHS Digital has made visible moves to improve cyber security in the months since WannaCry, the organisation was lambasted by MPs earlier this year for not implementing improvements quickly enough.”
A few facts people forget, NHS Digital has no mandate over NHS Cyber Security, the PAC report is more critical of other ALBs, NHS Digital was not infected by WannaCry, monies for security were devolved to NHS orgs as part of the localisation agenda.
The PAC is a modern day stocks in the town square as no one will say what they really needs to say.
NHS orgs failed to act locally. It was a local problem. A local vulnerability they failed to fix. END OF.
13 September 2018 @ 13:15
I think this is a criticism of the lack of national level guidance / investment in cyber security for a public service like the NHS. Yes, it was a local problem… but that wasn’t backed from a national level to make cyber security a priority. And whilst NHS Digital or its services were not hacked/compromised, NHS Mail was used as a mode of infection, aiding in the spread of WannaCry.
13 September 2018 @ 20:45
81 out of 236 infected is terrible for the NHS but I don’t see where NHS Digital fits into this. Many of the errors were pretty basic. So basic, staff didn’t get this virus on their home computers (applied updates, virus and os upto date.
Some of the trusts with the virus were predictable and that has known causes eg High health/social costs (low economic area + high obesity etc), difficulties in recruitment. NHS Digital writing up guidelines won’t fix this.