UK defence secretary Sir Michael Fallon defends government spending on NHS cyber security after global ransomware attack hits hospitals

by

The NHS was among targets of a massive global cyber attack (Source: Getty)

The defence secretary Sir Michael Fallon has defended how much the government has spent on protecting the NHS from cyber attacks after ransomware brought many services at several major hospitals across the country to a halt over the weekend.

"A large chunk" of the £1.9bn promised to fight cyber crime went to the NHS, he said.

"We're spending around £50m on the NHS cyber systems to improve their security," he said, speaking on the BBC's Andrew Marr Show on Sunday morning.

Read more: This is where the UK ranks in global resilience to disasters

"We have encouraged the NHS Trusts to reduce their exposure to their weakest system, Windows XP, and less than five per cent of the trusts actually use that system anymore," he claimed.

"There is money available to strengthen these systems," he added.

However, estimates based on responses to Freedom of Information requests suggest as many as 90 per cent of firms were still using Windows XP by the end of last year, around two and a half years after Microsoft ended its support for the system and a year and a half after the government's extended support for it ended.

Labour shadow health secretary John Ashworth criticised cuts in funding NHS infrastructure made by the Conservatives, promising that it would spend £10bn in it and a " big priority" would be investing in cyber security and investing in IT. He also called on the government to release the department of health's risk register assessment about the problem.

It came as the researcher dubbed a hero for finding a "kill switch" that slowed the spread of the malware, warned that those behind the attack were likely working on a second version of it that would remove such a switch.

"Version one of WannaCry was stoppable but version 2.0 will likely remove the flaw. You're only safe if you patch ASAP," tweeted the unnamed researcher who tweets under the name @malwaretech. He was praised by the government's National Cyber Security Centre which is responding to the threat. It has said that more than 100,000 potential infections had been prevented.

The perpetrators have yet to be identified and the National Crime Agency (NCA), which is also part of the investigation, has said that there is "no indication that UK policing or other government departments have been infected with the ransomware".

Read more: Nissan and Renault latest firms to be hit in cyber attack

“This was a large-scale attack, but we are working closely with law enforcement partners and industry experts in the UK and overseas to support victims and identify the perpetrators," said the agency's deputy director of the National Cyber Crime Unit Oliver Gower.

Fallon said he would not comment on reports Britain's submarines also run Windows XP software, saying only that the fleet is "fully protected".

XP is more vulnerable to malware than later operating systems as it is no longer supported. Windows took the unprecedented step of issuing a patch to fix the vulnerability which left the NHS and several other companies at risk. Security experts have suggested the vulnerability was made public in a leak of information from the US surveillance agency the NSA which hackers have now exploited.

The boss of Europol has today revealed there are more than 200,000 victims in 150 countries around the world of the "unprecedented" attack.