The NHS cyber-attack: A look at the complex environmental conditions of WannaCry

Initial reports of a large cyber-attack involving the NHS emerged on Friday, May 12, 2017.3 Reports of other organisations facing similar trouble surfaced, with the Spanish telecom company Telefonica, car manufacturer Renault, and logistics business FedEx all being affected. The attack exposed some of the weaknesses of the NHS as an IT organisation. As perhaps the most high profile organisation affected by the malicious software, or malware, it brought questions to the fore over its responsiveness, and the likelihood of such activities happening again. Certain NHS organisations were severely impacted many days after the initial entry of some components onto networks. It is important to note that the NHS was not a direct target, but was impacted due to its complex environments – computing, medical, political and so on. The mixture of these environmental challenges, with the need for relatively ‘open’ systems, legacy devices and fiscal constraint, all played a role. This article outlines what the malware WannaCry is, its operation, and preparedness then and now.