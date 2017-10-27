UK's NHS Could Have Avoided WannaCry Hack With 'Basic IT Security', Says Report (theguardian.com) 12
An anonymous reader shares a report: The NHS could have avoided the crippling effects of the "relatively unsophisticated" WannaCry ransomware outbreak in May with "basic IT security," according to an independent investigation into the cyber-attack. The National Audit Office (NAO) said that 19,500 medical appointments were cancelled, computers at 600 GP surgeries were locked and five hospitals had to divert ambulances elsewhere. "The WannaCry cyber-attack had potentially serious implications for the NHS and its ability to provide care to patients," said Amyas Morse, the head of the NAO. "It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber-threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks."
Basic IT security, i.e. don't use Microsoft.
Except health outcomes are better in the UK than the USA.
I know it is fashionable to bust on MS -- always has been here. I will say that from a security standpoint (if not a privacy standpoint, which is related but not the same), they have gotten better. That aside, the fact remains that if you don't do the first 5 of the CIS critical security controls, doing the remaining 15 doesn't really matter.
Of course throwing blinkin-light boxes, doing pen tests, etc. is all the "sexy" parts of security, but here's the deal -- MS patched t
Most things can be fixed with basic IT security. (Score:5, Interesting)
The problem is there are a lot of things under basic IT security and it is nearly impossible to checklist them all.
Health Care tends to be at least a decade behind in technology and implementing new technology is a big deal, because breaking a downstream system could cost someone's life. So there is nearly always a big queue of things that should be done that you just can't get business approval to do.
doctors independent contractors / own offices have to do their own IT. Other times they are stuck on old apps that may need ADMIN rights and even only run in Windows XP.
But security costs money!