NHS cyberattack: Staff were sent Windows patch that could have prevented ransomware attack


  • NHS Digital say IT staff were sent link to a patch that could have prevented last week’s cyberattack.
  • At least 45 NHS organisations across England and Scotland were hit by the attack.
  • The Health Secretary Jeremy Hunt was warned last year about the NHS's vulnerability to attack.

LONDON — The crippling cyberattack on the NHS could have been avoided if IT staff had followed guidance sent to them several weeks ago, it was claimed on Monday.

In a statement, NHS Digital said that IT staff across the NHS were sent a link to the latest Windows XP patch at the end of April.

A spokesperson for the organisation told Business Insider: “NHS Digital issued a targeted update on a secure portal accessible to NHS staff on April 25, and then via a bulletin to more than 10,000 security and IT professionals on April 27 to alert them to this specific issue.”

“These alerts included a patch to protect their systems. This guidance was also reissued following emergence of this issue.”

The free patch was issued by Microsoft in March, one month before a link to it was sent to staff by NHS Digital. It is not clear why it took so long for NHS Digital to send it, or why so many trusts failed to update their systems once notified.

The Health Secretary Jeremy Hunt was warned about the failure to update cyber security on NHS IT systems last year.

In a joint letter to the Health Secretary, the Care Quality Commission’s Chief Executive David Behan and the National Data Guardian, Dame Fiona Caldicott, warned of the urgent need to update unprotected computer systems.

The commission had been tasked by Hunt with identifying threats to patient data. In the letter they warned that “computer hardware and software that can no longer be supported should be replaced as a matter of urgency” and insisted that “more can be done to protect against potential risks”. Crucially they called on Hunt to ensure that “no unsupported operating systems, software or internet browsers are used within the IT estate.”

This is a developing story…