NHS Cyberattack Threatens Thousands in Healthcare Industry

Posted by Frank Strafford on May 24, 2017 in Industry News, Security,

The world is still shaking from the recent WannaCry ransomware attack. The largest cyberattack in England’s National Health Service (NHS) history, this virus may cost innocent people their lives as medical institutions scramble to regain sanity after being infected. Find out what happened, who’s to blame, and how this can be avoided in the future.

How Cybercrooks Made the World Wanna Cry

Global institutions were paralyzed, unable to treat patients after the WannaCry attack that froze medical records, locking down all systems. The medical sector was severely hit, but it was more widespread. Germany’s railway network screeched to a halt as hackers took charge of the Deutsche Bahn computer system. Spain’s Telefonica was also hit, along with FedEx in the U.S., and many others.

The total damage was astronomical. WannaCry infected 250,000 systems, spreading itself across 99 countries around the globe.

How Did This Happen?

Such an attack left many wondering how all this was even possible. A tool called Eternal Blue is a weapon developed by the NSA to be used to retrieve information or gain access to computers of terrorists and other nefarious organizations. It gives users the ability to hack into any Windows OS computer. This tool was stolen by hacking organization Shadow Brokers, who put the virus onto an open server where other groups could utilize it for malicious intent. Computers with outdated software or ones who failed to upgrade to newer versions were susceptible to the attack.

The Far-Reaching Effects

Among the tens of thousands of institutions that were affected by the Eternal Blue malware, were many hospitals, including these British establishments:

  • Barts Health Tru
  • Derbyshire Community Health Services Trust
  • Plymouth Hospitals NHS Trust
  • NHS Greater Glasgow and Clyde
  • NHS Fife, Western Isles, Tayside, Grampian, National Services
  • Colchester General Hospital
  • Scottish Ambulance Services

…among many others. In fact, roughly 20% of UK’s NHS fell.

The Damage Toll Rises

Eternal Blue malware

The Eternal Blue malware infected computers and effectively took control of the entire system. A warning sign showed up on the infected machine informing the user that files were inaccessible. The only way to retrieve these files was to pay the ransom, between $300 and $600. The immediate fallouts of this virus were devastating. Appointments and surgeries were cancelled because important records such as allergies, x-rays, blood tests, and medical histories were inaccessible. Ambulatory services were unable to respond to emergency calls properly, being diverted to different hospitals that hadn’t been affected.

Some hospitals were turning patients away, while others hung signs saying only truly life-threatening emergencies would be treated. Hospital staff was forced to use antiquated practices, sending patients off with hand-written prescriptions and taking notes with simple pen and paper.

The Global Response

The U.S. healthcare systems along with the U.S. Department of Homeland Security and GCHQ’s National Cyber Security Centre were quick to rally. They worked tirelessly to update older operating systems that had patches available. Additionally, Microsoft pushed an automatic update patch for all software versions. All security software was updated as well.

Meanwhile, the U.S. Department of Health and Human Services (HHS) issued an alert warning those in healthcare and public health organizations to boost their cybersecurity practices following the WannaCry attack.

Who’s Really to Blame?

Where to point the finger of blame is a heated topic. Shadow Brokers stole the virus and put it out for cybercriminals to access, but they’re not the ones who used it. So who is really to blame? On the one hand, hospitals were using outdated software that they should have upgraded long ago. With a simple click of a button, this entire mess could have been avoided, making a strong case against individuals who didn’t upgrade out of sheer laziness.


Many NHS servers were left with ancient software versions, using obsolete systems and leaving gaping holes in the security for months. One figure showed that 90% were using 16-year old software. The NHS is responsible for the entire healthcare system,

they should have been aware of and penalizing anyone with outdated software.

Finally, many are furious with the NSA. This is not the first time that a hacking group stole national security  files that the NSA had been cooking up and secreting away for later, and used them against the world. Several people are accusing the NSA of housing dangerous weapons that aren’t sufficiently protected, putting the entire world in peril in a very Avengers-esque sort of way.

Protecting Yourself from Cyberattacks

There is much that could have been done to avoid such a catastrophic incident, and organizations should be eager to implement procedures (old and new) – yet it remains to be seen that the OIG will jump on board and mandate new security protocols.

Some of the most important procedures and practices health compliance officers can implement to prevent similar attacks include:

  • Inform employees of basic security practices such as not downloading unknown files, clicking on strange links, and connecting unprotected devices.
  • Always keep security and software updated. It can save you from immeasurable damage.
  • Back up files frequently onto servers or devices unrelated to your main network.
  • Finally, and most importantly, make sure you ‘think before you click!’

About Frank Strafford

About Frank Strafford

Related Articles


June 2, 2022

Even though COVID-19 seems to be receding in the minds of many, it continues to be the source of significant law enforcement actions at the federal level. COVID-related criminal investigations and pro...

Texas OIG Trumps All Others in ...

July 6, 2015

Is the Texas OIG more aggressive than other states?  More efficient?  More serious? Maybe all of the above. Although all state OIGs have an equal mandate to discover and prosecute medical facilities...

Iowa MFCU’s Strong Performance in ...

September 19, 2022

In June, 2022, the OIG issued its 2021 Iowa Medicaid Fraud Unit (MFCU) Inspection Report. The OIG inspection revealed a MFCU unit with exceptionally strong case outcomes over the 2019-2021 period comp...

Understanding OIG Exclusions

OIG Exclusions Screening Process

Exclusion FAQS

Quick OIG Exclusion Basics

Employing Excluded Individuals

Consequences to Employing an Excluded Individual

OIG Compliance Law

Laws and Publications on OIG Compliance

More Compliance Resources

Our Culture

We build the best, so you can perform at your best.

Trusted for Good Reason

  • ✓ Guaranteed accurate
  • ✓ Certified Secure
  • ✓ Audit Proof
  • ✓ Feature-rich reporting
  • ✓ Round the clock real-time-data
  • ✓ Processing fully automated

Security First

  • ✓ Cloud hosted
  • ✓ Encrypted data
  • ✓ Real-time backups

Trusted for Accuracy

  • ✓ Physical security
  • ✓ Restricted access
  • ✓ Single sign-on
  • ✓ Password security
  • ✓ Certified secure
  • ✓ Cross checking




Average workload reduction by implementing the Streamline Verify program



Establishments trust Streamline Verify nationwide



Serving the healthcare industry’s unique compliance needs since 2011



Setting standards with hourly synchronization to primary source data