Almost a year on from the WannaCry ransomware attack[1], both the government and the National Health Service are failing to implement the required cybersecurity measures to ensure the organisation doesn't suffer from similar onslaughts in future.
WannaCry quickly spread around the world last May, infecting systems all over the globe[2]. The attack was indiscriminate, but the NHS became one of its most high-profile victims[3].
Hospitals and clinics were forced offline and 20,000 appointments were cancelled. In some cases, systems didn't return to normal for weeks[4].
An investigation by MPs into the handling of the incident has called WannaCry "a wake-up call for the NHS" and says the health service and the government must do more to ensure systems are protected.
"The Department of Health and Social Care and its arm's-length bodies were unprepared for the relatively unsophisticated WannaCry attack," said the new report from the Public Accounts Committee.
The ability to invest in cyber security is also being hindered because the Department of Health "still does not know what financial impact the WannaCry cyber-attack had on the NHS," warn the MPs, who set a June deadline for an update of costed plans for "vital" cyber security investment.
"The extensive disruption caused by WannaCry laid bare serious vulnerabilities in the cyber security and response plans of the NHS," said Committee chair, Meg Hillier MP.
"It is therefore alarming that, nearly a year on from WannaCry, plans to implement the lessons learned are still to be agreed.
"Government must get a grip on the vulnerabilities of and challenges facing local organisations, as well as the financial implications of WannaCry and future attacks across the NHS," Hillier