Incident Analysis

WannaCry and the NHS: Seven Years On, Are We Safer?

On 12 May 2017, WannaCry ransomware began spreading across the globe. Within hours, 80 NHS organisations were affected — hospitals locked out of their own systems, appointment booking systems down, ambulances diverted. The cause was devastatingly simple: unpatched Windows XP systems that had been warned about for years. The £92 million recovery cost and the public visibility of patient harm made WannaCry a watershed moment for NHS cybersecurity. Seven years on, the lessons have been partially learned — but vulnerabilities remain.

WannaCry cost the NHS £92 million and affected 80 trusts — yet the vulnerability it exploited (unpatched legacy systems) remains widespread across NHS infrastructure.

What WannaCry Exploited — and Why the Risk Persists

WannaCry exploited EternalBlue — an NSA-developed exploit leaked by the Shadow Brokers — to target the SMBv1 protocol vulnerability in unpatched Windows systems. Microsoft had released the patch (MS17-010) two months earlier, but NHS organisations had not applied it to their legacy systems — many running Windows XP, which had reached end-of-life in 2014. Post-WannaCry investment in NHS cybersecurity was significant: NHS England created the CareCERT service, funding was allocated for replacing legacy systems, and DSPT requirements were strengthened. However, the NHS still operates many legacy medical devices and clinical systems on operating systems that cannot be patched — the structural vulnerability has not been eliminated.

How Healthcare Organisations Can Avoid Repeating WannaCry

The primary lessons of WannaCry that remain relevant today:

Patch management must be a clinical priority, not just an IT task — senior leadership must hold IT teams accountable for patch timelines.

Legacy systems that cannot be patched must be compensated for by network segmentation and enhanced monitoring.

Asset inventory is foundational — WannaCry spread so widely partly because NHS IT teams did not know all the systems on their networks.

Offline backups are essential — organisations that could restore from clean backups recovered faster.

Incident response must be practised — NHS organisations that had tested their downtime procedures fared better clinically during the outage.
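As an added illustration of the asset-inventory, patching and segmentation lessons above (this is example code written for this page, not an NHS or CareCERT tool), the script below reconciles a constructed inventory against hosts observed on the network and assigns each one a remediation action: patch where MS17-010 can be applied, isolate and filter where the OS is end-of-life, and flag devices nobody has inventoried. Hostnames, OS versions and segment names are all constructed sample data.

```python
"""Triage an asset inventory for WannaCry-class exposure (SMBv1 / MS17-010).

All host records below are constructed examples, not real systems.
"""
from dataclasses import dataclass

# Operating systems Microsoft no longer patches: treat as unpatchable.
EOL_OS = {"Windows XP", "Windows Server 2003"}


@dataclass
class Host:
    name: str
    os: str
    ms17_010_applied: bool
    smb1_enabled: bool
    segment: str  # "clinical" = flat network shared with patient-facing systems


def triage(host: Host) -> list[str]:
    """Return the remediation actions for one inventoried host."""
    actions = []
    if host.os in EOL_OS:
        # No vendor patch exists, so compensating controls are the only option.
        if host.segment == "clinical":
            actions.append("ISOLATE: move to a segmented VLAN with enhanced monitoring")
        if host.smb1_enabled:
            actions.append("BLOCK: filter TCP/445 to this host at the segment boundary")
    else:
        if not host.ms17_010_applied:
            actions.append("PATCH: apply MS17-010 within the agreed timeline")
        if host.smb1_enabled:
            actions.append("HARDEN: disable SMBv1")
    return actions


def reconcile(inventory: list[Host], observed: set[str]) -> dict[str, list[str]]:
    """Map every observed host to its actions; unknown devices get their own finding."""
    known = {h.name: h for h in inventory}
    report = {}
    for name in sorted(observed):
        if name in known:
            report[name] = triage(known[name])
        else:
            report[name] = ["INVENTORY: unknown device on network, identify and assess"]
    return report


INVENTORY = [  # constructed sample inventory
    Host("mri-console-01", "Windows XP", False, True, "clinical"),
    Host("ward-pc-12", "Windows 7", False, True, "clinical"),
    Host("admin-pc-03", "Windows 7", True, False, "corporate"),
]
# constructed: hostnames seen by a network scan, including one nobody inventoried
OBSERVED = {"mri-console-01", "ward-pc-12", "admin-pc-03", "infusion-pump-07"}

if __name__ == "__main__":
    for name, acts in reconcile(INVENTORY, OBSERVED).items():
        print(name, acts or ["OK"])
```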

Kyanite Blue specialises in cybersecurity for iGaming operators. MGA-licensed operators across Malta trust our stack.
