Minister blames North Korea for NHS cyber attack
Ben Wallace suggested the attack could have been motivated by an attempt by the state to access foreign funds.
North Korea has been publicly blamed by the UK’s Security Minister for the WannaCry cyber attack which hit the NHS.
Home Office Minister Ben Wallace said the Government believed “quite strongly” that a foreign state was behind the ransomware attack and named North Korea.
Pyongyang has been widely blamed for the May cyber attack in security circles, and Microsoft’s president, Brad Smith, has also pointed the finger at Kim Jong Un’s secretive state.
Mr Wallace said: “This attack, we believe quite strongly that it came from a foreign state.
“North Korea was the state that we believe was involved this worldwide attack.”
He told BBC Radio 4’s Today programme that “we can be as sure as possible” and “it is widely believed in the community and across a number of countries that North Korea had taken this role”.
Mr Wallace suggested the attack could have been motivated by an attempt by the economically isolated state to access foreign funds.
“North Korea has been potentially linked to other attacks about raising foreign currency,” he said.
An independent investigation concluded that the cyber attack which crippled parts of the NHS could have been prevented if “basic IT security” measures had been taken.
The head of the National Audit Office warned the health service and Department of Health to “get their act together” in the wake of the WannaCry crisis, or risk suffering a more sophisticated and damaging future attack.
The NAO’s probe, released on Friday, found that almost 19,500 medical appointments, including 139 potential cancer referrals, were estimated to have been cancelled, with five hospitals having to divert ambulances away after being locked out of computers on May 12.
The malware is believed to have infected machines at 81 health trusts across England – a third of the 236 total, plus computers at almost 600 GP surgeries, the NAO found.
All were running computer systems – the majority Windows 7 – that had not been updated to secure them against such attacks.
Mr Wallace accepted that the attack could have been avoided if software had been properly updated.
“It’s a salient lesson for us all that all of us, from individuals to governments to large organisations, have a role to play in maintaining the security of our networks,” he said.
British systems came under attack on a weekly basis from organised criminals and “a number” of foreign countries which seek to collect intelligence or carry out a “state-sponsored criminal attack”.
The UK had the ability to fight back online, he added, but “if you get into tit-for-tat there has to be serious consideration about the risk we will expose the UK systems to”.
He said: “Other countries do have doctrines and military thinking along that line, but the West – the United States, Europe and the United Kingdom – are much more thoughtful about these things because, ultimately, if we were to take some action, we have to remember that some of these states may, as we have seen with this WannaCry, strike out at the rest of our functions.”
The West needed to discuss a “doctrine of deterrent” in order to prevent foreign states launching attacks.
In a report cataloguing the failures which led to May’s attack, the NAO said that while the health service’s IT arm NHS Digital had issued “critical alerts” about WannaCry in March and April, the DoH had “no formal mechanism” to determine whether local NHS organisations had taken any action.
NAO head Sir Amyas Morse said: “There are more sophisticated cyber threats out there than WannaCry so the Department (of Health) and the NHS need to get their act together to ensure the NHS is better protected against future attacks.”
More than 300,000 computers in 150 countries were infected with the WannaCry ransomware.
It crippled organisations from government agencies and global companies by targeting computers with outdated security.
A Number 10 spokeswoman said reports from various sources attributed the attack to a group known as Lazarus who are believed to operate in North Korea.