An anonymous reader shares a report: The NHS could have avoided the crippling effects of the "relatively unsophisticated" WannaCry ransomware outbreak in May with "basic IT security," according to an independent investigation into the cyber-attack. The National Audit Office (NAO) said that 19,500 medical appointments were cancelled, computers at 600 GP surgeries were locked and five hospitals had to divert ambulances elsewhere. "The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients," said Amyas Morse, the head of the NAO. "It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks."