Welsh civil servants saw off WannaCry

SiluresAs the WannaCry ransomware hit the UK NHS it seems that Welsh hospitals were saved because they did not rely on private enterprise.

In a move that flies in the face of the “private sector fixes everything better” the NHS Wales Informatics Service is public service organisation, which supplies more than 70 software services to users across NHS Wales.

Upon catching wind of the WannaCry attack, a major incident room was set up at the service’s Cardiff office – one of five in Wales – and additional monitoring was ordered across the country.

A spokeswoman from the service said: “At the NHS Wales Informatics Service we constantly provide real-time monitoring of NHS Wales’s digital services and IT systems, all of which are designed to have strong security measures.

“In addition we immediately put in extra security controls and co-ordinated the effort to protect our national and local systems, liaising closely with senior management from across NHS Wales.”

The team blocked all external emails sent to NHS Wales and applying new anti-virus definitions and patches to both national and local systems.

“Where the ransomware has been detected, immediate remedial action has been taken to prevent the spreading of the virus. This has ensured that no patient data has been compromised or lost.”

In the case of the NHS in England and Scotland, the use of connected networks – linking GP surgeries to main hospital infrastructures – meant that the virus could navigate it with relative ease. But there were no reports of the incident impacting on patient care anywhere in Wales.

But the Welsh success is making all the private sector deals in England look a bit weak.

NHS Wales was in fact attacked by the virus but monitoring software and processes identified each attack, allowing the Informatics Service to isolate and kill the virus.

In total, 37 computers were investigated as being suspected of having the virus but only seven were infected with the malware out of 55,000 computers in use across NHS Wales.

The Informatics Service are urging suppliers and partners to ensure that local systems are protected and that staff remain aware of the “on-going need” to protect the IT systems.