N Korea carried out NHS cyber attack, says minister
‘If you get into a tit-for-tat there has to be serious consideration of the risks we would expose UK citizens to’
NORTH KOREA was responsible for the Wannacry cyber attack that crippled parts of the NHS earlier this year, a minister has said.
Ben Wallace, the security minister, said the Government believed “quite strongly” that a foreign state was behind the ransomware attack and named North Korea.
The rogue nation has been widely blamed for the May cyber attack in security circles and Brad Smith, who is Microsoft president, has also pointed the finger at Kim Jong-un.
Mr Wallace said: “This attack, we believe quite strongly that it came from a foreign state. North Korea was the state that we believe was involved in this worldwide attack.”
He told BBC Radio4’s Today that “we can be as sure as possible” and “it is widely believed in the community and across a number of countries that North Korea had taken this role”.
Mr Wallace suggested the attack could have been motivated by an attempt by the economically isolated state to access foreign funds. “North Korea has been potentially linked to other attacks about raising foreign currency,” he said.
He made the claim after the NHS was told to “get its act together” or risk another devastating cyber attack.
An investigation into the digital crisis by the National Audit Office (NAO), found that NHS bodies had been warned as early as 2014 that their systems were vulnerable. In the months preceding the attack, NHS Digital had issued “critical alerts” urging IT departments to update their online security. The NAO report found almost 19,500 medical appointments, including 139 potential cancer referrals, were probably cancelled, with five hospitals forced to divert ambulances away after being locked out of computers on May 12.
NHS Providers, which represents hospitals, warned that further attacks were “inevitable” while the head of the NAO said the health service must improve its resilience or suffer a more sophisticated and damaging breach.
“The Wannacry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients,” said Sir Amyas Morse, the NAO auditor general. “It was a relatively unsophisticated attack and could have been prevented. There are more sophisticated cyber threats out there than Wannacry.”
Asked what the UK could do in response to the attack, Mr Wallace admitted that it would be “challenging” to arrest anyone when a “hostile state” was involved and called on the West to instead develop a “doctrine of deterrent” similar to that used to prevent the use of nuclear weapons.
Mr Wallace said: “We do have a counter-attack capability, but let’s remember we are an open liberal democracy with a large reliance on IT systems.
“We will obviously have a different risk appetite. If you get into tit-for-tat there has to be serious consideration of the risk that we would expose UK citizens to.”